ICS Mid2 Answers
ICS Mid2 Answers
1. Email Phishing:
It is the most common phishing attack where attackers impersonate trusted entities
like banks or government authorities and send out mass emails. These emails are
delivered with high urgency, requesting immediate responses and sensitive
information through fake links that enable attackers to perform numerous malicious
activities such as installing viruses or malware and stealing money from user
accounts.
2. Spear Phishing:
This is a more targeted type of phishing attack, unlike email phishing, where
malicious emails are sent to specific individuals in an organisation. Attackers use
the target’s name, position, work phone number and other seemingly legitimate
information to trick the recipient into believing they have a connection with the
sender. The goal is the same as with email phishing: to get the recipient to click on
the fake URL and hand over personal data
3. Whaling Attacks:
They do this by infiltrating organisation networks, following up with a phone call
routed through a trusted agency to gain target trust and sending emails from
trusted organisation partners. Once the executive email is compromised, sensitive
authentication information is obtained, fraudulent wire transfers are conducted,
and tax and benefit information of employees can be published on the dark web.
4. Vishing:
Vishing is a form of phishing, conducted using a phone and placing a phone call.
The fraudulent caller uses VoIP (Voice over Internet Protocol) servers to deliver
mostly automated IVRS-like messages that appear to come from legitimate entities
such as banks, insurance or government institutions. During the call, a recipient is
informed of an urgent action such as renewing their insurance, after which their
personal information such as credit card details and other personal credentials are
solicited
5. Smishing:
SMS phishing is used by attackers to send SMS text messages that appear to
come from legitimate sources and contain malicious links, often disguised as offers
or discounts. If they have doubts, users can call the company named in the
suspicious SMS messages for confirmation or simply not click on an unknown
URL.
Identity theft can take various forms, and attackers often employ a range of
techniques to steal personal information. Here are some common techniques:
3. Availability: This means that the network should be readily available to its
users. This applies to systems and to data. To ensure availability, the
network administrator should maintain hardware, make regular upgrades,
have a plan for fail-over, and prevent bottlenecks in a network. Attacks
such as DoS or DDoS may render a network unavailable as the resources
of the network get exhausted. The impact may be significant to the
companies and users who rely on the network as a business tool. Thus,
proper measures should be taken to prevent such attacks.
6)Define computer forensics and digital forensics. List the roles
of digital forensics.?
Computer Forensics
Types
Digital Forensics:
Digital Forensics is a branch of forensic science which includes the
identification, collection, analysis and reporting any valuable digital
information in the digital devices related to the computer crimes, as a part
of the investigation. In simple words, Digital Forensics is the process of
identifying, preserving, analyzing and presenting digital evidences. The
first computer crimes were recognized in the 1978 Florida computers act
and after this, the field of digital forensics grew pretty fast in the late 1980-
90’s. It includes the area of analysis like storage media, hardware,
operating system, network and applications. It consists of 5 steps at high
level: