Module 4: Threats to Asset Security

INTRODUCTION – Threats to Asset Security

In this immersive course, participants learn about the numerous threats that compromise the security and privacy of digital assets. This involves examining the methods and techniques cybercriminals use to target those assets. Participants will gain insight into how tactics change in cybersecurity. In addition, the module introduces the threat modeling process, which is a critical element in anticipating and mitigating risks and vulnerabilities.

The module also covers the ever-changing methods security professionals use to stay ahead of breaches. Students gain hands-on experience with the changing nature of cybersecurity, which equips them to analyze, assess, and build strong safeguards for digital assets. Theoretical study is paired with practical steps students can take to guard assets in a world heavily dependent on connectivity and technology, using real examples and case studies.

Learning Objectives:

  • Identify and distinguish types of social engineering.
  • Identify different forms of malware.
  • Identify web-based exploits.
  • Summarize the threat modeling process.

TEST YOUR KNOWLEDGE: SOCIAL ENGINEERING

1. Fill in the blank: _____ is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.

  • Quid pro quo
  • Phishing (CORRECT)
  • Whaling
  • Baiting

Phishing is a type of cybercrime that uses digital means, such as email, messages, or websites, to deceive people into divulging sensitive information such as passwords or financial details, or into installing malicious software on their devices.

2. What type of phishing uses electronic voice communications to obtain sensitive information or to impersonate a known source?

  • Tailgating
  • Smishing
  • Vishing (CORRECT)
  • Angler phishing

Vishing is a social engineering attack carried out through electronic voice communications, such as telephone calls. The attacker's objective is to convince individuals to divulge private information, or to impersonate a trusted entity such as a bank or government official.

3. Fill in the blank: The stages of a social engineering attack include to prepare, establish trust, use persuasion tactics, and ____.

  • spread awareness with others
  • evaluate defenses
  • disconnect from the target (CORRECT)
  • stay informed of security trends

The stages of a social engineering attack are preparation, establishing trust, using persuasion tactics, and finally disconnecting from the target. After obtaining the information, perpetrators will most likely cut communications in order to hide and avoid detection, because they want to target more individuals in the organization.

4. Phishing kits typically contain which of the following tools to help attackers avoid detection? Select three answers.

  • Fraudulent web links (CORRECT)
  • Fake data-collection forms (CORRECT)
  • Malicious attachments (CORRECT)
  • Email filters

Phishing kits usually come packaged with weaponized email attachments, fake data-collection forms, and fraudulent web links that help attackers avoid detection.

5. Which of the following may be stages of a social engineering attack? Select three answers.

  • Establish trust (CORRECT)
  • Disconnect from the target (CORRECT)
  • Implement least privilege
  • Use persuasion tactics (CORRECT)

The stages of a social engineering attack generally include establishing trust, using persuasion tactics, and disconnecting from the target. Preparation may also consist of collecting necessary information on the target in advance. The persuasion tactics the attacker employs entice the target into revealing sensitive information.

6. Which of the following is a form of phishing? Select two answers.

  • Vishing (CORRECT)
  • Smishing (CORRECT)
  • Rainbow tables
  • Credential stuffing

TEST YOUR KNOWLEDGE: MALWARE

1. Which of the following are types of malware? Select two answers.

  • Dictionary attacks
  • Spyware (CORRECT)
  • Credential stuffing
  • Viruses (CORRECT)

Viruses and spyware are both types of malware. A virus is used to disrupt the functioning of a computer, and it damages the data and software on the system. Spyware gathers information from users silently, without their permission or knowledge.

2. Fill in the blank: ____ are malware that automatically duplicate and spread themselves across systems.

  • Rootkits
  • Worms (CORRECT)
  • Botnets
  • Trojans

A worm is a form of malware that is able to duplicate itself and spread through systems, usually without user intervention.

3. What is it called when someone’s computing resources are illegally hijacked to mine cryptocurrencies?

  • Trojan horse
  • Spyware
  • Cryptojacking (CORRECT)
  • Rootkit

Cryptojacking is a form of cybercrime in which an attacker illegally hijacks another person’s computing resources and uses them to mine cryptocurrencies without the victim’s knowledge or consent.

4. Which of the following are common signs of a malware infection? Select three answers.

  • Slowdowns in performance (CORRECT)
  • Improved battery life
  • Increased CPU usage (CORRECT)
  • Unusual system crashes (CORRECT)

Common signs of a malware infection include high CPU usage, slow performance, and frequent or unexpected system crashes.

5. Fill in the blank: _____ is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access.

  • Spyware
  • Ransomware (CORRECT)
  • Worm
  • Phishing

Ransomware is a type of malicious attack in which attackers encrypt an organization’s data and then demand a ransom before restoring access to it.

6. Which of the following actions can be taken to protect against cryptojacking?

  • Hashing user passwords in a database
  • Mining crypto coins on workstations
  • Using malware blocking browser extensions (CORRECT)
  • Reporting new CVEs®

To protect against cryptojacking, actions such as using browser extensions that block malware or monitoring systems for unusual spikes in CPU utilization can be helpful.

TEST YOUR KNOWLEDGE: WEB-BASED EXPLOITS

1. Fill in the blank: _____ are malicious code or behaviors that are used to take advantage of coding flaws in a web application.

  • Web-based exploits (CORRECT)
  • Social engineering
  • Command-line interface
  • Spear phishing

Web-based exploits are malicious code or behaviors that are used to take advantage of coding flaws in a web application.

2. Cross-site scripting (XSS) attacks are often delivered by exploiting which of the following languages? Select two answers.

  • JavaScript (CORRECT)
  • SQL
  • Python
  • HTML (CORRECT)

A cross-site scripting (XSS) attack is delivered through HTML and JavaScript: attackers exploit these two languages to inject malicious scripts into web pages.

3. Fill in the blank: A _____ is a coding technique that executes SQL statements before passing them onto the database.

  • botnet
  • phishing kit
  • SQL injection
  • prepared statement (CORRECT)

A prepared statement is a coding technique that compiles the query before execution, which helps prevent SQL injection attacks. It separates the SQL code from the user input so that the input is treated only as data and not as executable code; that is, the input cannot alter the query.

4. What are two examples of when SQL injections can take place?

  • When a malicious script exists in the webpage a browser loads
  • When using the login form to access a site (CORRECT)
  • When a user enters their credentials (CORRECT)
  • When a malicious script is injected directly on the server

SQL injections can occur when proper validation is not applied to user input, such as when a user enters credentials into a site's login form or submits a request. Attackers often use specialized tools and target the parts of a website that accept user input, such as search bars, contact forms, or logins, because those are the places where SQL queries can be injected.
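The difference between a string-built login query and a prepared statement, as an added example that is not part of the original course material. The `users` table, the credential values and the function names are constructed for illustration, and Python's built-in `sqlite3` module stands in for whatever database the application uses.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)"
    )
    # Constructed sample rows; the hash values are placeholders, not real hashes.
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("o'brien", "hash-o")],
    )
    return conn


def login_vulnerable(conn, username, password_hash):
    """Weak form: user input is concatenated into the SQL text itself."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash + "'"
    )
    return sorted(row[0] for row in conn.execute(query))


def login_prepared(conn, username, password_hash):
    """Hardened form: the statement is fixed and the values are bound to it."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password_hash)))


def vulnerable_breaks_on_apostrophe(conn):
    """A legitimate name containing a quote already corrupts the weak query."""
    try:
        login_vulnerable(conn, "o'brien", "hash-o")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # classic test string: closes the quote, adds OR
    # Concatenation lets the input rewrite the WHERE clause: every row matches.
    print("vulnerable:", login_vulnerable(db, "alice", crafted))
    # Bound as data, the same string is just a password hash that matches nothing.
    print("prepared:  ", login_prepared(db, "alice", crafted))
    # Correct credentials still work, including a name with an apostrophe.
    print("prepared:  ", login_prepared(db, "o'brien", "hash-o"))
    print("weak query errors on o'brien:", vulnerable_breaks_on_apostrophe(db))
```

A syntax error on an ordinary apostrophe, as in the last check, is a useful review signal that a query is being assembled from input rather than bound.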

5. In a SQL injection attack, malicious hackers attempt to obtain which of the following? Select two answers.

  • Categorize the environment
  • Gain administrative rights (CORRECT)
  • Sensitive information (CORRECT)
  • Exploiting languages

An SQL injection attack occurs when a malicious hacker tries to access sensitive information such as user credentials or personal data, or seeks to achieve unauthorized administrative rights by injecting malicious SQL code into vulnerable input fields.

6. Which of the following are types of cross-site scripting (XSS) attacks? Select three answers.

  • Cryptojacking
  • Reflected (CORRECT)
  • Stored (CORRECT)
  • DOM-based (CORRECT)

There are three primary classifications of cross-site scripting (XSS): reflected, stored, and DOM-based. A DOM-based XSS attack is when a malicious script is embedded into the web page and executed when that web page is brought up in the browser, generally modifying the Document Object Model (DOM) without server involvement.

7. Fill in the blank: A(n) _____ is an attack that executes unexpected queries on a database.

  • CVE
  • SQL injection (CORRECT)
  • virus
  • malware

A SQL injection is an attack that executes unauthorized or unexpected SQL queries on a database. Such injections usually occur in the parts of a website designed to accept user input, such as login forms, search bars, or contact fields, where malicious SQL can be inserted to manipulate the database.

3. Which of the following are phases of the NIST Incident Response Lifecycle? Select three answers.

  • Containment, Eradication, and Recovery (CORRECT)
  • Preparation (CORRECT)
  • Detection and Analysis (CORRECT)
  • Protection

TEST YOUR KNOWLEDGE: THREAT MODELING

1. Fill in the blank: Threat modeling is a process that security teams use to _____ attacks.

  • Detection and Analysis (CORRECT)
  • Identify
  • Containment, Eradication, and Recovery (CORRECT)
  • Post-Incident Activity (CORRECT)

The NIST Incident Response Lifecycle is made up of four phases, which are Detection and Analysis; Containment, Eradication, and Recovery; and Post-Incident Activity.

2. Which of the following are steps of a threat modeling process? Select three answers.

  • Mitigate risks. (CORRECT)
  • Classify assets.
  • Identify threats. (CORRECT)
  • Characterize the environment. (CORRECT)

Identifying threats, characterizing the environment, and mitigating risks are important steps in the typical threat modeling process. In the third step, Characterize the Environment, security teams scrutinize who and what interacts with the assets, such as users, systems, and external entities, so that they understand the potential vulnerabilities and threats these introduce.

3. A threat modeling team has identified potential threats and vulnerabilities that might be exploited. The team creates a diagram that maps the threats to assets. What type of diagram is this known as?

  • An attack vector
  • An attack tree (CORRECT)
  • An attack surface
  • An attacker mindset

The diagram devised by the team is an attack tree. An attack tree is a visual representation that maps potential threats to an asset and shows how different attack paths lead to the compromise of that asset.

4. Which of the following are threat modeling frameworks? Select two answers.

  • PASTA (CORRECT)
  • Trike (CORRECT)
  • XSS
  • NIST

PASTA and Trike are threat modeling frameworks used, like most others, to proactively discover and mitigate risks to a system or business process. When an organization adopts them, these frameworks provide a structured way to explore possible threats, vulnerabilities, and impacts, which eventually leads to security improvements.

5. What are the objectives of PASTA or any other threat modeling activity? Select three answers.

  • Improve security plans. (CORRECT)
  • Prepare fixes. (CORRECT)
  • Document potential risks. (CORRECT)
  • Eliminate all future attacks.

The main aims of PASTA or any other threat modeling exercise are to ascertain potential dangers, derive solutions, and improve security plans. Threat modeling is about recognizing vulnerabilities and devising strategies to mitigate or counteract them, ensuring a proactive approach to security.

6. Which of the following is a step of the threat modeling process? Select two answers.

  • Evaluate findings (CORRECT)
  • Identify threats (CORRECT)
  • Implement prepared statements
  • Remediate vulnerabilities

The threat modeling process consists of six major steps: defining the scope; identifying the possible threats; understanding the environment; analyzing the threats; mitigating risks; and evaluating results.

7. Fill in the blank: PASTA is a popular _____ framework that’s used across many industries.

  • threat modeling (CORRECT)
  • attack tree
  • asset classification
  • vulnerability management

PASTA is a popular threat modeling framework that’s used across many industries. Threat modeling is the process of identifying assets, their vulnerabilities, and how each is exposed to threats.

MODULE 4 CHALLENGE

1. Fill in the blank: The four stages of a social engineering attack are to prepare, _____, use persuasion tactics, and disconnect from the target.

  • establish trust (CORRECT)
  • distribute malicious email
  • perform open-box testing
  • obtain access credentials

2. What is the main difference between a vishing attack and a smishing attack?

  • Vishing is used to target executives at an organization.
  • Vishing involves a widespread email campaign to steal information.
  • Vishing makes use of voice calls to trick targets. (CORRECT)
  • Vishing exploits social media posts to identify targets.

3. Fill in the blank: The main difference between a worm and a virus is that a worm can _____.

  • operate without the target’s knowledge
  • take control of an infected system by encrypting its data
  • be delivered inside of a legitimate-looking application
  • replicate itself across devices without requiring users to perform an action (CORRECT)

4. Which type of malware requires the user to make a payment to the attacker to regain access to their device?

  • Brute force attacks
  • Cryptojacking
  • Botnets
  • Ransomware (CORRECT)

5. Fill in the blank: Cryptojacking is a type of malware that uses someone’s device to _____ cryptocurrencies.

  • collect
  • mine (CORRECT)
  • earn
  • invest

6. What is malicious code that is inserted into a vulnerable application called?

  • Social engineering
  • Input validation
  • Injection attack (CORRECT)
  • Cryptojacking

7. An attacker sends a malicious link to subscribers of a sports news site. If someone clicks the link, a malicious script is sent to the site’s server and activated during the server’s response.

This is an example of what type of injection attack?

  • Stored
  • DOM-based
  • SQL injection
  • Reflected (CORRECT)

8. What are the reasons that an attacker would perform a SQL injection attack? Select three answers.

  • To send phishing messages to users in a database
  • To delete entire tables in a database (CORRECT)
  • To steal the access credentials of users in a database (CORRECT)
  • To gain administrative rights to a database (CORRECT)

9. What are some key benefits of the threat modeling process? Select all that apply.

  • Identify points of failure (CORRECT)
  • Help prioritize threats (CORRECT)
  • Reduce an attack surface (CORRECT)
  • Remediate all vulnerabilities

10. A security team is decomposing an application during a PASTA threat model. What information will they discover during this step of the process?

  • The types of threats that can be used to compromise data
  • Which data owners are compromising the organization
  • The vulnerabilities that have been reported to the CVE® list
  • How the application handles data and which controls are in place (CORRECT)

11. Which of the following could be examples of social engineering attacks? Select three answers.

  • An email urgently asking you to send money to help a friend who is stuck in a foreign country (CORRECT)
  • A pop-up advertisement promising a large cash reward in return for sensitive information (CORRECT)
  • An unfamiliar employee asking you to hold the door open to a restricted area (CORRECT)
  • A lost record of important customer information

12. Fill in the blank: _____ uses text messages to manipulate targets into sharing sensitive information.

  • A software bug causes an application to crash.
  • An unauthorized user successfully changes the password of an account that does not belong to them. (CORRECT)
  • An authorized user successfully logs in to an account using their credentials and multi-factor authentication.
  • A user installs a device on their computer that is allowed by an organization’s policy.

13. A digital artist receives a free version of professional editing software online that has been infected with malware. After installing the program, their computer begins to freeze and crash repeatedly.

The malware hidden in this editing software is an example of which type of malware?

  • Spyware
  • Adware
  • Scareware
  • Trojan (CORRECT)

14. Fill in the blank: A(n) _____ tool can be used by security professionals to catch abnormal activity, like malware mining for cryptocurrency.

  • Intrusion detection system (IDS) (CORRECT)
  • Fileless malware
  • Spyware
  • Attack tree

15. A hacktivist group gained access to the website of a utility company. The group bypassed the site’s login page by inserting malicious code that granted them access to customer accounts to clear their debts.

What type of attack did the hacktivist group perform?

  • Quid pro quo
  • Watering hole
  • Injection (CORRECT)
  • Rainbow table

16. Fill in the blank: A _____ cross-site scripting (XSS) attack is an instance when malicious script exists in the webpage a browser loads.

  • Brute force
  • Stored
  • DOM-based (CORRECT)
  • Reflected

17. During which stage of the PASTA framework is an attack tree created?

  • Vulnerability analysis
  • Threat analysis
  • Decomposing an application
  • Attack modeling (CORRECT)

18. Which of the following are not types of malware? Select two answers.

  • Cross-site scripting (CORRECT)
  • Worm
  • Virus
  • SQL injection (CORRECT)

19. Which of the following are common signs that a computer is infected with cryptojacking software? Select three answers.

  • Unusually high electricity costs (CORRECT)
  • Sudden system crashes (CORRECT)
  • Modified or deleted files
  • Increased CPU usage (CORRECT)

20. Which of the following are areas of a website that are vulnerable to SQL injection? Select two answers.

  • Pop-up advertisements
  • Credit card payment forms (CORRECT)
  • Social media feeds
  • User login pages (CORRECT)

21. Which stage of the PASTA framework is related to identifying the application components that must be evaluated?

  • Implement prepared statements
  • Perform a vulnerability analysis
  • Define the technical scope (CORRECT)
  • Characterize the environment

22. A threat actor tricked a new employee into sharing information about a senior executive over the phone.

This is an example of what kind of attack?

  • SQL injection
  • Malware
  • Credential stuffing
  • Social engineering (CORRECT)

23. What is the most common form of social engineering used by attackers?

  • Ransomware
  • Adware
  • Malware
  • Phishing (CORRECT)

24. A government contractor is tricked into installing a virus on their workstation that encrypts all their files. The virus displays a message on the workstation telling the contractor that they can have the files decrypted if they make a payment of $31,337 to an email address.

What type of attack is this an example of?

  • Cross-site scripting
  • Ransomware (CORRECT)
  • Brute force attack
  • Scareware

25. Security researchers inserted malicious code into the web-applications of various organizations. This allowed them to obtain the personally identifiable information (PII) of various users across multiple databases.

What type of attack did the researchers perform?

  • Ransomware
  • Injection (CORRECT)
  • Input sanitization
  • Social engineering

26. What are the characteristics of a ransomware attack? Select three answers.

  • Attackers display unwanted advertisements on the device.
  • Attackers make themselves known to their targets. (CORRECT)
  • Attackers demand payment to restore access to a device. (CORRECT)
  • Attackers encrypt data on the device without the user’s permission. (CORRECT)

27. A small business that sells online courses conducted a threat modeling exercise on its data systems. The team conducting the exercise started by defining the scope of the model. Then, they identified threat actors who might target the data systems. Next, the team is creating a diagram that maps threats to assets that are being protected.

What is this type of diagram called?

  • Bug bounty
  • User provisioning
  • Rainbow table
  • Attack tree (CORRECT)

CONCLUSION – Threats to Asset Security

Through a comprehensive study of threats to digital asset security, this program gives participants a grounding in understanding and mitigating threats. It exposes participants to common threats and to the tools and techniques cybercriminals use, as well as proactive measures such as threat modeling, to equip them for the constantly changing cybersecurity environment.

The focus on practical insights and security professional strategies allows learners not only to grasp theoretical concepts but also to acquire the hands-on skills necessary for effectively safeguarding digital assets. Participants will come away from this course better informed about cybersecurity challenges and armed with tools to contribute to such an environment.
