ICS Mid2 Answers

Uploaded by nandini230804

1) Different stages during an attack?

While the specifics of individual attacks may vary, it is possible to define seven phases of a cyber-attack.

Phase one: Reconnaissance of a target

In the reconnaissance phase, hackers identify a vulnerable target and explore how to exploit it. The initial target can be anyone in the company; attackers need only a single point of entry to get started. Targeted phishing emails are a common and effective method of distributing malware in this phase.

The whole point is getting to know the target. At this stage, hackers are asking themselves who the important people in the company are, who they do business with, and what public data is available about the target organization. Company websites and online contact resources such as LinkedIn are two obvious sources for researching key people in organizations. Identifying suppliers and customers may involve ‘social engineering’, where a hacker makes bogus sales calls to the company.

Among publicly available data, hackers collect Internet Protocol (IP) address information and run scans to determine what hardware and software the target company is using. They check the Internet Corporation for Assigned Names and Numbers (ICANN) web registry database.

The more time hackers spend gaining information about the people and systems at the company, the more successful the hacking attempt will be.

Phase two: Weaponizing information on a company

In the weaponization phase, the hacker uses the previously gathered information to create ways to get into the target’s network.

This could involve creating believable spear phishing e-mails that look like e-mails the target could plausibly receive from a known vendor or other business contact. Another hacker tactic is to create ‘watering holes’: fake web pages that look identical to a vendor’s or a bank’s web page. These aim to capture usernames and passwords, or to offer a free download of a malware-infected document or something else of interest.

The attacker’s final action in this phase is to collect the tools needed to exploit any vulnerabilities they may find when they later gain access to the target’s network.

Phase three: ‘Delivering’ the attack

The attack starts in the delivery phase. Phishing e-mails are sent, ‘watering hole’ web pages are posted to the internet, and the attacker waits for the arrival of all the data they need.

If the phishing e-mail contains a weaponized attachment, the attacker waits for someone to open it and for the malware in it to ‘call home’ to the hacker.

Phase four: Exploiting the security breach

In the exploitation phase, the hacker starts to reap the rewards of preparing and delivering the attack.

As usernames and passwords arrive, the attacker tries them against web-based e-mail systems or virtual private network (VPN) connections to the company network. If malware-infected attachments were sent, the attacker remotely accesses the affected computers.

The hacker explores the targeted network and gains a better idea of the traffic flow on it, what systems are connected to it, and how they can be exploited.

Phase five: Installing a persistent backdoor

In the installation phase, the attacker ensures continued access to the network.

To achieve this, the hacker will install a persistent backdoor, create administrator accounts on the network, and disable firewall rules. They may even activate remote desktop access on servers and other systems on the network.

The hacker’s intention at this point is to be certain of staying in the system as long as needed to achieve their objectives.

Phase six: Exercising command and control

Now that they have unrestrained access to the entire network and administrator accounts, all the required tools are in place for the command and control phase.

The attacker can look at anything, impersonate any user on the network, and even send e-mails from the CEO to all employees.

Now in control, the hacker can lock a company’s IT users out of the organization’s entire network if they want to, perhaps demanding a ransom to restore access.

Phase seven: Achieving the hacker’s objectives

The action on objectives phase now begins. This could involve stealing information on employees, customers, product designs, and so on. Or an attacker could start to disrupt the target company’s operations.

Not all hackers are after monetizable data or incriminating emails that they can publish. Some simply want to cause chaos or to inflict pain on a company. If a company receives online orders, a hacker could shut down the ordering system or delete orders, for example. They could even create orders and have them shipped to the company’s customers.

If a hacker gains access to an Industrial Control System, they could shut down equipment, enter new set points, and disable alarms.

3) The six most common types of phishing attacks?

1. Email Phishing:
It is the most common phishing attack where attackers impersonate trusted entities
like banks or government authorities and send out mass emails. These emails are
delivered with high urgency, requesting immediate responses and sensitive
information through fake links that enable attackers to perform numerous malicious
activities such as installing viruses or malware and stealing money from user
accounts.

2. Spear Phishing:
This is a more targeted type of phishing attack, unlike email phishing, where
malicious emails are sent to specific individuals in an organisation. Attackers use
the target’s name, position, work phone number and other seemingly legitimate
information to trick the recipient into believing they have a connection with the
sender. The goal is the same as with email phishing: to get the recipient to click on
the fake URL and hand over personal data

3. Whaling Attacks:
Whaling attacks target senior executives. Attackers do this by infiltrating organisation networks, following up with a phone call routed through a trusted agency to gain the target’s trust, and sending emails that appear to come from trusted organisation partners. Once the executive’s email is compromised, sensitive authentication information is obtained, fraudulent wire transfers are conducted, and tax and benefit information of employees can be published on the dark web.

4. Vishing:
Vishing is a form of phishing conducted over the phone. The fraudulent caller uses VoIP (Voice over Internet Protocol) servers to deliver mostly automated, IVRS-like messages that appear to come from legitimate entities such as banks, insurance companies or government institutions. During the call, the recipient is told of an urgent action such as renewing their insurance, after which personal information such as credit card details and other credentials is solicited.

5. Smishing:
SMS phishing is used by attackers to send SMS text messages that appear to
come from legitimate sources and contain malicious links, often disguised as offers
or discounts. If they have doubts, users can call the company named in the
suspicious SMS messages for confirmation or simply not click on an unknown
URL.

6. Social Media Phishing:
Social media phishing is where attackers exploit users on social media by impersonating well-known brands and creating fake accounts, or by tracking victims’ preferences and choices, luring them into sharing personal and sensitive information, and then inviting them to click on malicious links.

4) Different techniques of identity (ID) theft?

Identity theft can take various forms, and attackers often employ a range of
techniques to steal personal information. Here are some common techniques:

1. Phishing: Attackers send deceptive emails or messages pretending to be from legitimate organizations, asking recipients to provide sensitive information such as passwords, Social Security numbers, or credit card details.

2. Social Engineering: This involves manipulating individuals into divulging confidential information through psychological manipulation. It can be done over the phone, in person, or online. Attackers might impersonate authority figures, manipulate emotions, or create a sense of urgency to trick people into giving up their information.

3. Data Breaches: Hackers target organizations to steal large amounts of personal information stored in their databases. These breaches can occur due to vulnerabilities in systems, malware infections, or insider threats.

4. Skimming: Criminals install devices on ATMs, point-of-sale terminals, or gas
pumps to capture credit or debit card information when cards are swiped. This
stolen data is then used to create counterfeit cards or make unauthorized
transactions.
5. Shoulder Surfing: Attackers physically observe individuals entering sensitive
information such as PINs or passwords, often in crowded or public places like
ATMs, cafes, or airports.

6. Pretexting: Similar to social engineering, pretexting involves creating a false pretext or scenario to gain access to personal information. For example, an attacker might pose as a bank representative and call a victim, claiming there's an issue with their account and requesting verification of personal details.

7. Malware: Malicious software like keyloggers or spyware can be used to secretly record keystrokes, capture login credentials, or harvest other sensitive information from infected devices.

8. Dumpster Diving: Attackers rummage through trash or recycling bins to find
discarded documents containing personal information such as bank
statements, credit card bills, or utility bills.
9. Pharming: This technique involves redirecting website traffic to a fraudulent
website, usually through DNS cache poisoning or malware. Victims
unknowingly enter their login credentials or personal information on these
fake websites, allowing attackers to steal them.
10. Account Takeover: Attackers gain unauthorized access to existing accounts
by stealing login credentials through phishing, brute-force attacks, or
password reuse.

5) Explain the terms 1) confidentiality, 2) integrity, 3) availability?

1. Confidentiality: Confidentiality refers to the assurance that information is accessible only to those who are authorized to access it. In other words, it ensures that sensitive data remains private and is not disclosed to unauthorized individuals, entities, or processes. Maintaining confidentiality involves implementing measures such as encryption, access controls, and data classification to protect information from unauthorized access, disclosure, or theft. Examples of confidential information include personal data, financial records, trade secrets, and classified government information.

2. Integrity: Integrity relates to the trustworthiness and accuracy of data
throughout its lifecycle. It ensures that information remains complete,
accurate, and unaltered from its intended state. Maintaining data integrity
involves safeguarding against unauthorized modifications, deletions, or
corruption, whether accidental or intentional. Techniques such as data
validation, checksums, digital signatures, and access controls are used to
prevent unauthorized changes to data. Data integrity is critical for ensuring
the reliability and validity of information for decision-making, compliance, and
operational purposes.

3. Availability: This means that the network should be readily available to its
users. This applies to systems and to data. To ensure availability, the
network administrator should maintain hardware, make regular upgrades,
have a plan for fail-over, and prevent bottlenecks in a network. Attacks
such as DoS or DDoS may render a network unavailable as the resources
of the network get exhausted. The impact may be significant to the
companies and users who rely on the network as a business tool. Thus,
proper measures should be taken to prevent such attacks.
6) Define computer forensics and digital forensics. List the roles of digital forensics.

Computer Forensics

Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation and maintain a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it.

Computer forensics -- which is sometimes referred to as cyber forensics, computer forensic science, or digital forensics -- is essentially data recovery carried out under legal compliance guidelines so that the information is admissible in legal proceedings.

Digital Forensics:

Digital forensics is a branch of forensic science that covers the identification, collection, analysis and reporting of any valuable digital information found on digital devices in connection with computer crimes, as part of an investigation. In simple words, digital forensics is the process of identifying, preserving, analyzing and presenting digital evidence. The first computer crimes were recognized in the 1978 Florida Computer Crimes Act, and after this the field of digital forensics grew quickly in the late 1980s and 1990s. Its areas of analysis include storage media, hardware, operating systems, networks and applications. At a high level it consists of 5 steps:

Roles of digital forensics:

1. Incident Response: Digital forensics helps in investigating and responding to
cybersecurity incidents such as data breaches, malware infections,
unauthorized access, or network intrusions. It involves collecting and analyzing
digital evidence to understand the scope of the incident, identify the root
cause, and contain and remediate the impact.
2. Evidence Collection and Preservation: Digital forensics specialists collect,
preserve, and document digital evidence from various sources such as
computers, mobile devices, network logs, and cloud services. This evidence is
gathered in a forensically sound manner to ensure its integrity and
admissibility in legal proceedings.
3. Attribution and Identification of Threat Actors: Digital forensics can assist
in attributing cyber attacks to specific threat actors or entities by analyzing
digital artifacts, attack patterns, and indicators of compromise (IOCs). This
helps organizations understand the motivations, tactics, techniques, and
procedures (TTPs) of attackers and inform threat intelligence efforts.
4. Root Cause Analysis: Digital forensics is used to conduct root cause analysis
to determine how and why a security incident occurred. By examining system
logs, network traffic, file metadata, and memory dumps, forensic analysts can
identify vulnerabilities, misconfigurations, or security weaknesses that allowed
the incident to happen.
5. Legal and Regulatory Compliance: Digital forensics provides evidence that
can be used in legal proceedings, investigations, or regulatory compliance
audits. Forensic reports and findings may be required to support criminal
prosecutions, civil litigation, or regulatory inquiries related to cybersecurity
incidents or data breaches.
6. Malware Analysis: Digital forensics techniques are used to analyze and
reverse-engineer malware samples to understand their behavior, functionality,
and impact on compromised systems. This helps in developing effective
mitigation strategies, updating antivirus signatures, and enhancing threat
intelligence.
7. Incident Documentation and Reporting: Digital forensics involves
documenting findings, analysis, and conclusions in detailed reports that are
understandable to technical and non-technical stakeholders. These reports
provide a comprehensive overview of the incident, including the timeline of
events, the extent of the compromise, and recommendations for improving
security posture.
8. Prevention and Mitigation: Insights gained from digital forensics
investigations can inform proactive measures to prevent future security
incidents and mitigate emerging threats. This may include implementing
security controls, enhancing incident response procedures, and improving
staff awareness and training.
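The integrity controls named under question 5 (checksums, digital signatures) and the forensically sound evidence preservation in role 2 rest on the same mechanism: a fingerprint taken at acquisition that any later change will break. The Python below is an added example, not part of these answers: it records a SHA-256 checksum in a chain-of-custody entry, shows a one-word tamper failing verification, and seals the entry with an HMAC so the record itself cannot be silently rewritten; the evidence bytes, examiner name and key are all constructed for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample evidence: one line of an acquired auth log (not real data).
EVIDENCE = b"2024-05-01 10:42:03 sshd[812]: Accepted password for admin from 10.0.0.5\n"


def fingerprint(data: bytes) -> str:
    """Checksum recorded at acquisition; proves the evidence is unaltered later."""
    return hashlib.sha256(data).hexdigest()


def acquisition_record(label: str, data: bytes, examiner: str) -> dict:
    """Chain-of-custody entry: who acquired what, when, and its fingerprint."""
    return {
        "item": label,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "sha256": fingerprint(data),
    }


def verify_integrity(record: dict, data: bytes) -> bool:
    """Recompute the checksum; any single-byte change produces a mismatch."""
    return hmac.compare_digest(record["sha256"], fingerprint(data))


def seal_record(record: dict, key: bytes) -> str:
    """Keyed MAC over the record. A plain checksum can be recomputed by whoever
    alters the evidence; a MAC (or a digital signature) cannot without the key."""
    canonical = json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_seal(record: dict, seal: str, key: bytes) -> bool:
    """True only if the record is byte-for-byte what was sealed with this key."""
    return hmac.compare_digest(seal, seal_record(record, key))


if __name__ == "__main__":
    key = b"examiner-secret-key"  # constructed; in practice held in a key store
    rec = acquisition_record("auth.log", EVIDENCE, "examiner-1")
    seal = seal_record(rec, key)
    print("intact:", verify_integrity(rec, EVIDENCE))                # True
    tampered = EVIDENCE.replace(b"admin", b"guest")
    print("tampered:", verify_integrity(rec, tampered))              # False
    forged = dict(rec, sha256=fingerprint(tampered))                 # rewritten entry
    print("forged record passes seal:", verify_seal(forged, seal, key))  # False
```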
