
Cybersecurity Fundamentals is a comprehensive guide designed to provide readers with a solid understanding of the essential principles of cybersecurity. Aimed at polytechnic students and anyone eager to learn the basics of digital security, this eBook covers a wide range of topics, including common cyber threats, types of cyber attacks, best practices for protection, and the critical role of cybersecurity awareness in daily life.
The book strikes a balance between theory, exercises and quizzes, offering insights into the latest strategies for enhancing security in digital environments. Through case studies and practical examples, readers will learn how to identify, prevent, and respond to various cyber threats. By the end of the eBook, readers will be equipped with the knowledge and skills to protect themselves from increasingly sophisticated attacks and contribute to a safer digital world.
This eBook serves as a valuable reference to raise awareness, improve cybersecurity literacy, and foster a more secure digital ecosystem for individuals and organizations alike.

Published by Penerbit PSIS, 2026-01-11 20:48:35

EBOOK CYBERSECURITY FUNDAMENTALS


ANSWERS

Choose an example of a passive attack.
A. Changing the contents of a message in transit
B. Monitoring unencrypted data sent over the network
C. Installing a virus on a user’s computer
D. Using stolen credentials to log into a system

Identify the option that BEST describes an insider attack.
A. A hacker installs malware through a phishing email.
B. A cybercriminal eavesdrops on network traffic without authorization.
C. An employee misuses their access rights to steal sensitive data.
D. A virus is added to a software application during manufacturing.


2.1 SECURITY ATTACKS
TYPES OF SECURITY ATTACKS

A. RECONNAISSANCE ATTACK

Definition
A reconnaissance attack is when an attacker gathers information about a target system or network without actually attacking it. The goal is to collect data that could later be used to exploit vulnerabilities.

Examples
Scanning a network to identify open ports, vulnerabilities, or weak spots before launching an attack.
An attacker visits a company's website and LinkedIn profiles to collect employee names, job roles, and email formats. This information helps them plan a phishing attack.

Reconnaissance attacks are like digital spying—just like burglars check out a house before breaking in, hackers “snoop” around networks to find weak spots. The scary part? Most victims don’t even know it’s happening because no real damage is done—yet!
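The port-scanning form of reconnaissance described above leaves a trace a defender can look for: one source touching many different ports on one host in a short time. The Python code below is an added example, not part of the eBook; the log format, the window and threshold values, and the sample addresses are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

def parse_line(line):
    """Parse one constructed log line: '<epoch_s> <src_ip> <dst_ip> <dst_port>'."""
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)

def detect_port_scans(log_lines, window_s=60, port_threshold=15):
    """Return (src, dst, distinct_ports, alert_ts) for each source that touches
    at least port_threshold distinct ports on one host within window_s seconds."""
    by_pair = defaultdict(list)
    for line in log_lines:
        ts, src, dst, port = parse_line(line)
        by_pair[(src, dst)].append((ts, port))

    alerts = []
    for (src, dst), hits in sorted(by_pair.items()):
        hits.sort()
        in_window = Counter()  # port -> number of hits currently inside the window
        start = 0              # index of the oldest hit still inside the window
        for ts, port in hits:
            in_window[port] += 1
            # Slide the window forward: forget hits older than window_s.
            while ts - hits[start][0] > window_s:
                old_port = hits[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            if len(in_window) >= port_threshold:
                alerts.append((src, dst, len(in_window), ts))
                break  # one alert per source/destination pair is enough
    return alerts

def build_sample_log():
    """Constructed sample traffic using documentation IP ranges, not real hosts."""
    lines = []
    # Normal client: repeated requests to a single port.
    for i in range(40):
        lines.append(f"{1000 + i} 198.51.100.10 192.0.2.5 443")
    # Scanner: 20 different ports on the same host within 20 seconds.
    for i in range(20):
        lines.append(f"{1000 + i} 203.0.113.7 192.0.2.5 {20 + i}")
    # Slow prober: 20 different ports, one every 10 minutes.
    for i in range(20):
        lines.append(f"{1000 + 600 * i} 198.51.100.99 192.0.2.5 {8000 + i}")
    return lines

if __name__ == "__main__":
    for src, dst, ports, ts in detect_port_scans(build_sample_log()):
        print(f"possible scan: {src} -> {dst}, {ports} distinct ports by t={ts}")
```

With the default 60-second window only the fast scanner is reported; the slow prober in the sample is caught only when the window is widened, which is why detection windows need tuning against real traffic.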


B. ACCESS ATTACK

Definition
The attacker tries to gain unauthorized access to a system or network. This can involve bypassing authentication, stealing passwords, or exploiting system weaknesses.

Examples
An attacker tries common passwords like "123456" or "password" to break into someone’s email account without permission.
An attacker gets a user's username and password from a phishing email and uses it to log in to a company’s system.

Many access attacks succeed because people still use weak passwords like "123456" or "password"—in fact, these are always on the list of the most hacked passwords every year! Just a small mistake can give hackers full access.


C. DENIAL OF SERVICE (DOS) ATTACK

Definition
A DoS attack aims to make a service, website, or network unavailable to its users by overwhelming it with traffic or resource requests. This disrupts normal operations.

Examples
An attacker floods a school website with too many fake requests, causing it to crash so real students can’t access their results.
A hacker sends massive traffic to an online game server, making it lag or go offline so players can’t play.

Did you know? A DoS attack doesn’t need to steal data to be dangerous—it just makes a website or service stop working, which can cost companies thousands of dollars per minute in lost business!


D. DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK

Definition
A DDoS attack is similar to a DoS attack, but it involves multiple attackers or computers (often a botnet) to flood a target with an even larger volume of traffic, making it harder to block or defend.

Examples
Thousands of infected computers (botnets) are used to flood an online store’s website with traffic, making it slow or crash completely—customers can’t browse or buy anything.
A hacker uses multiple devices to send massive traffic to a popular online game’s server, causing lag and disconnections for all players worldwide.

DDoS attacks are like traffic jams on the internet—except instead of cars, it's fake data! And some attackers even rent DDoS attacks online for just a few dollars, like ordering a service from a website!
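The difference between the DoS and DDoS definitions above shows up directly in request logs: a DoS spike is dominated by one source that can be blocked, while a DDoS spike is spread over many sources. The Python code below is an added example, not part of the eBook; the log format, the baseline rate, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

def bucket_by_window(log_lines, window_s):
    """Group source IPs by time window.
    Constructed line format: '<epoch_s> <src_ip> <path>'."""
    windows = defaultdict(list)
    for line in log_lines:
        ts, src, _path = line.split()
        windows[int(ts) // window_s * window_s].append(src)
    return windows

def classify_window(sources, window_s, baseline_rps,
                    spike_factor=10, dominant_share=0.8):
    """Label one window as normal, dos (one dominant source) or ddos (many sources)."""
    total = len(sources)
    rate = total / window_s
    counts = Counter(sources)
    result = {"rate": rate, "sources": len(counts), "block": []}
    if rate < spike_factor * baseline_rps:
        result["verdict"] = "normal"
        return result
    top_ip, top_hits = counts.most_common(1)[0]
    if top_hits / total >= dominant_share:
        # One address produces most of the traffic: blocking it restores service.
        result["verdict"] = "dos"
        result["block"] = [top_ip]
    else:
        # Traffic is spread over many addresses: no single block rule helps.
        result["verdict"] = "ddos"
    return result

def analyze(log_lines, window_s=10, baseline_rps=1.0):
    """Classify every window in the log; returns {window_start: result}."""
    windows = bucket_by_window(log_lines, window_s)
    return {start: classify_window(srcs, window_s, baseline_rps)
            for start, srcs in sorted(windows.items())}

def build_sample_log():
    """Constructed sample requests using documentation IP ranges."""
    lines = []
    # Window 0-9: five ordinary visitors.
    for i in range(5):
        lines.append(f"{i} 198.51.100.{i + 1} /results")
    # Window 10-19: 200 requests from one address plus five ordinary visitors.
    for i in range(200):
        lines.append(f"{10 + i % 10} 203.0.113.7 /results")
    for i in range(5):
        lines.append(f"{10 + i} 198.51.100.{i + 1} /results")
    # Window 20-29: 300 requests spread evenly over 150 addresses.
    for i in range(300):
        lines.append(f"{20 + i % 10} 192.0.2.{i % 150 + 1} /results")
    return lines

if __name__ == "__main__":
    for start, res in analyze(build_sample_log()).items():
        print(start, res["verdict"], f"{res['rate']:.1f} req/s",
              f"{res['sources']} sources", "block:", res["block"])
```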


E. MALICIOUS CODE ATTACK

Definition
A malicious code attack involves inserting harmful software (malware) into a system to cause damage, steal data, or disrupt operations. This can include viruses, worms, trojans, or ransomware.

Examples
A user opens an email attachment that looks like an invoice, but it secretly installs a virus that damages files on the computer.
A person downloads a free game from an unknown website. It contains ransomware that locks all files and shows a message asking for money to unlock them.

Some malicious code hides inside games, apps, or “free” downloads. Once installed, it can secretly record what you type—including your passwords! That’s why downloading from unknown sources is like inviting a thief into your computer!


TEST YOUR KNOWLEDGE

Select what happens during a Denial of Service (DoS) attack.
A. Users' personal data is stolen.
B. A website is overwhelmed and becomes unavailable.
C. Emails are sent to trick users into revealing passwords.
D. Hackers gain admin access to a system.

Identify the option that BEST describes a reconnaissance attack.
A. Attempting to log in to a system using stolen credentials.
B. Scanning a network to find open ports and potential vulnerabilities.
C. Encrypting a victim's files and demanding ransom for decryption.
D. Modifying data in transit between two communicating devices.


ANSWERS

Select what happens during a Denial of Service (DoS) attack.
A. Users' personal data is stolen.
B. A website is overwhelmed and becomes unavailable.
C. Emails are sent to trick users into revealing passwords.
D. Hackers gain admin access to a system.

Identify the option that BEST describes a reconnaissance attack.
A. Attempting to log in to a system using stolen credentials.
B. Scanning a network to find open ports and potential vulnerabilities.
C. Encrypting a victim's files and demanding ransom for decryption.
D. Modifying data in transit between two communicating devices.


TYPE OF MALICIOUS SOFTWARE

Virus
Definition: A malicious program that attaches itself to files and spreads when the file is opened.
Example: ILOVEYOU Virus – Spread via email, disguised as a love letter.

Worm
Definition: A self-replicating malware that spreads across networks without needing to attach to files.
Example: Conficker Worm – Spread through Windows vulnerabilities and infected millions of computers.

Trojan Horse
Definition: Malware that hides inside legitimate-looking software or files to trick users into installing it.
Example: Fake antivirus software that pretends to scan for threats but actually installs malware.


Ransomware
Definition: Malware that locks or encrypts a victim’s data and demands payment (ransom) to unlock it.
Example: WannaCry – A global ransomware attack that locked hospitals, companies, and individual users’ data.

Spyware
Definition: Malware that secretly monitors and collects user data without permission.
Example: Keyloggers – Record every keystroke to steal passwords or personal information.

Adware
Definition: Software that automatically displays or downloads ads, often slowing down devices.
Example: Fireball – A type of adware that hijacks browsers to display ads.

Rootkit
Definition: Malware that hides deep in a system to allow hackers to control it without being detected.
Example: Sony BMG Rootkit – Installed on music CDs to prevent copying but also exposed systems to attacks.


Botnet
Definition: A network of infected devices controlled remotely to launch large-scale attacks.
Example: Mirai Botnet – Used to launch massive DDoS attacks by taking over IoT devices.

Scareware
Definition: Tricks users into thinking their system is infected, prompting them to buy fake software.
Example: Fake virus alerts that pop up on websites saying “Your PC is infected! Download now!”

Fileless Malware
Definition: Malware that runs in memory and doesn’t install files, making it harder to detect.
Example: PowerShell-based attacks – Use legitimate tools to perform malicious actions without files.


TEST YOUR KNOWLEDGE

Select the type of malicious software that hides inside legitimate-looking programs to trick users into installing it.
A. Virus
B. Worm
C. Trojan Horse
D. Ransomware

Identify the malware that hides deep in the system so hackers can control your device without you knowing.
A. Virus
B. Rootkit
C. Ransomware
D. Spyware


ANSWERS

Select the type of malicious software that hides inside legitimate-looking programs to trick users into installing it.
A. Virus
B. Worm
C. Trojan Horse
D. Ransomware

Identify the malware that hides deep in the system so hackers can control your device without you knowing.
A. Virus
B. Rootkit
C. Ransomware
D. Spyware


2.2 TYPES OF SOCIAL ENGINEERING

DEFINITION OF SOCIAL ENGINEERING
A type of attack that relies on persuading a person to reveal information.
Social engineering is the art of one human attempting to pressure or deceive another human into doing something or divulging information.

DEFINITION OF IMPERSONATION
Pretending to be someone else.
Often means pretending to be a trusted person or entity to gain access to information, systems, or resources that they shouldn't have access to.

Email Impersonation: An attacker might send an email pretending to be your boss, asking you to transfer money or share sensitive data.
Phone Impersonation (Vishing): An attacker might call someone pretending to be from the IT department and ask for login credentials or access to secure systems.
Identity Theft: Impersonation can also involve stealing someone’s identity (like using their personal information) to gain access to financial accounts, make purchases, or commit fraud.


IMPERSONATION-BASED SOCIAL ENGINEERING

A) VISHING
Vishing is a form of social engineering attack over Voice over IP (VoIP).
An attacker might call someone pretending to be from the IT department and ask for login credentials or access to secure systems.

B) EAVESDROPPING
The act of listening in on a conversation; OR
The capture and monitoring of network IP packets using a packet sniffer.

C) SHOULDER SURFING
Looking over the shoulder of a person typing into a computer screen.
Looking over people’s shoulders as they enter codes at secure devices, such as a bank cash machine or a gas pump.


D) DUMPSTER DIVING
Attackers search through trash (e.g. from offices or homes) to find sensitive information like names, job titles, phone numbers, passwords, or ID numbers.
They use this information to pretend to be someone trustworthy (like a boss, IT staff, or service provider) to trick victims into giving more information or access.

E) DIVERSION THEFT
Diversion theft happens when an attacker tricks a delivery driver or shipping company into delivering a package to the wrong person or location.
The attacker often pretends to be the recipient or a third party, using false information to steal valuable goods without raising suspicion.


F) PIGGYBACKING
Piggybacking happens when someone sneaks into a secure place by following someone with access, like through a locked door.
The attacker relies on the authorized person’s trust or distraction to enter without using their own ID or access card.

G) TAILGATING
Tailgating is when an unauthorized person follows an authorized person into a secure area without permission.
Unlike piggybacking, tailgating often happens without the authorized person knowing they are being followed.


H) HONEYTRAP
A honeytrap system is a fake or vulnerable-looking system set up to attract cyber attackers.
Its purpose is to detect, study, or distract attackers, protecting real systems and gathering information about their methods.

I) BAITING
Baiting involves offering something attractive (like a free USB drive, music, or software) to lure someone into taking an action.
When the victim takes the bait (e.g. plugs in the USB or installs software), it can install malware or give attackers access to sensitive data.


J) REVERSE SOCIAL ENGINEERING
The attacker creates a problem (e.g. fake computer issue or network error) and pretends to be a helpful expert or technician.
The victim then asks the attacker for help, unknowingly giving them access or sensitive information.


TEST YOUR KNOWLEDGE

Identify the main trick used in a baiting attack.
A. Asking for help with a fake technical issue
B. Pretending to be someone else to get information
C. Offering something attractive to lure the victim
D. Following someone into a secure area

Identify what happens during a piggybacking attack.
A. An attacker installs malware through email
B. An attacker pretends to be someone else online
C. An attacker follows an authorized person into a secure area with their permission
D. An attacker scans a network for open ports


ANSWERS

Identify the main trick used in a baiting attack.
A. Asking for help with a fake technical issue
B. Pretending to be someone else to get information
C. Offering something attractive to lure the victim
D. Following someone into a secure area

Identify what happens during a piggybacking attack.
A. An attacker installs malware through email
B. An attacker pretends to be someone else online
C. An attacker follows an authorized person into a secure area with their permission
D. An attacker scans a network for open ports


COMPUTER-BASED SOCIAL ENGINEERING

DEFINITION OF PHISHING
Phishing is when someone pretends to be a trusted person or company (like a bank or website) to trick you into giving personal information, like passwords or credit card numbers.

Example: You get a fake email that looks like it's from your bank, asking you to "verify your account" by clicking a link — but it's really a scam.

TYPES OF PHISHING
Email Phishing
Spear Phishing
Whaling
Angler Phishing
Vishing
Smishing


TYPES OF PHISHING

Email Phishing
Email phishing is a type of scam where attackers send fake emails that look like they come from a trusted source (like a bank, company, or government).
Fake email tricks you into clicking a link, downloading a file, or sharing personal info (like passwords or credit card numbers).

Smishing
Smishing is a type of phishing attack that happens through SMS (text messages).
Smishing is when a scammer sends fake text messages pretending to be from a trusted source (like a bank or delivery service).
The message usually has a link or phone number to trick you into giving personal info or downloading malware.

Spear Phishing
Spear phishing is a targeted type of phishing attack aimed at a specific person or group.
Spear phishing uses personalized messages (like your name, job, or company) to make the scam look real.
The goal is to trick you into clicking a link, downloading a file, or giving sensitive information like login details.


Vishing
Vishing is short for "voice phishing" — a type of scam that uses phone calls to trick people.
Vishing happens when a scammer calls you pretending to be someone you trust, like a bank officer or tech support.
They try to steal personal info, like your passwords, credit card numbers, or bank details over the phone.

Whaling
Whaling is a type of phishing attack that targets high-profile individuals, like CEOs, managers, or government officials.
The goal is to steal sensitive data, money, or gain access to secure systems.
It’s called “whaling” because it targets the “big fish” in an organization.

Angler Phishing
Angler phishing is a type of social media scam where attackers pretend to be customer service or official accounts.
Angler phishing happens when a scammer pretends to be a company on social media (like a fake support account).
They trick users into clicking malicious links or sharing personal info, often by replying to real customer complaints or posts.


TEST YOUR KNOWLEDGE

Identify the definition of smishing.
A. A scam using fake phone calls to steal information
B. A scam using social media messages to trick users
C. A scam using fake websites to collect passwords
D. A scam using fake text messages to steal personal information

Select who is usually targeted in a whaling attack?
A. Random people using social media
B. Senior executives or high-profile individuals
C. Students and young internet users
D. IT technicians and customer support agents


ANSWER

Identify the definition of smishing.
A. A scam using fake phone calls to steal information
B. A scam using social media messages to trick users
C. A scam using fake websites to collect passwords
D. A scam using fake text messages to steal personal information

Select who is usually targeted in a whaling attack?
A. Random people using social media
B. Senior executives or high-profile individuals
C. Students and young internet users
D. IT technicians and customer support agents


PHISHING TOOLS

Definition
A phishing kit is ready-made software that helps attackers easily create fake websites and emails that look real.
It includes templates and tools to trick people into giving their personal information, like passwords or bank details.

Email Spoofing Tools
These are tools that let attackers send fake emails that look like they're from trusted sources (like a bank or company).
They change the sender’s name or address to fool people into trusting the message.
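Because spoofed email changes the sender's name or address, a receiving mail system can compare what the From header claims with the rest of the headers. The Python code below is an added example, not part of the eBook; the brand list, the domains and the three messages are constructed for illustration, and it assumes the Authentication-Results header was written by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical mapping of brand names to the domain each one really sends from.
KNOWN_BRANDS = {"Example Bank": "examplebank.test"}
FAILING = {"fail", "softfail"}

def domain_of(address):
    """Return the lower-cased domain part of an email address, or ''."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def spoofing_indicators(raw_message, brands=KNOWN_BRANDS):
    """Return a list of spoofing indicators found in the message headers."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    findings = []

    # 1. The display name claims a known brand, but the address is elsewhere.
    for brand, domain in brands.items():
        owned = from_domain == domain or from_domain.endswith("." + domain)
        if brand.lower() in display.lower() and not owned:
            findings.append("display-name-mismatch")
            break

    # 2. Replies would go to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append("reply-to-mismatch")

    # 3. SPF / DKIM / DMARC verdicts recorded by the receiving server.
    #    Only trust this header when your own mail server added it.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mechanism in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{mechanism}=(\w+)", auth, re.IGNORECASE)
        if match and match.group(1).lower() in FAILING:
            findings.append(f"{mechanism}-{match.group(1).lower()}")
    return findings

def make_message(headers):
    """Build a raw message from (name, value) header pairs (constructed samples)."""
    return "\n".join(f"{k}: {v}" for k, v in headers) + "\n\nConstructed body.\n"

LEGITIMATE = make_message([
    ("From", '"Example Bank" <alerts@examplebank.test>'),
    ("Authentication-Results", "mx.receiver.test; spf=pass smtp.mailfrom=examplebank.test; "
                               "dkim=pass header.d=examplebank.test; dmarc=pass"),
    ("Subject", "Your monthly statement"),
])
DISPLAY_NAME_SPOOF = make_message([
    ("From", '"Example Bank Security" <support@mail-verify.test>'),
    ("Reply-To", "collect@another-domain.test"),
    ("Authentication-Results", "mx.receiver.test; spf=pass smtp.mailfrom=mail-verify.test; "
                               "dkim=none; dmarc=none"),
    ("Subject", "Verify your account"),
])
FORGED_ADDRESS = make_message([
    ("From", '"Example Bank" <alerts@examplebank.test>'),
    ("Authentication-Results", "mx.receiver.test; spf=fail smtp.mailfrom=examplebank.test; "
                               "dkim=none; dmarc=fail header.from=examplebank.test"),
    ("Subject", "Verify your account"),
])

if __name__ == "__main__":
    for name, raw in [("legitimate", LEGITIMATE),
                      ("display-name spoof", DISPLAY_NAME_SPOOF),
                      ("forged address", FORGED_ADDRESS)]:
        print(name, "->", spoofing_indicators(raw) or "no indicators")
```

The second sample passes SPF because the sender owns the domain it mails from, so the display-name and Reply-To checks are what catch it; the third sample uses the real address and is caught only by the SPF and DMARC failures.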


Keyloggers
Software that records keystrokes on a victim's device, capturing sensitive information like passwords and credit card numbers without the user's knowledge.
Example: Hardware Keylogger – A small device plugged between a keyboard and computer to secretly record keystrokes.

Browser Exploits
Malicious scripts or code that exploit vulnerabilities in web browsers to redirect users to fake websites or automatically download malicious content.


PHISHING TOOLS
Spear Phishing Tools
Credential Harvesters


PHISHING EMAILS
SOCIAL ENGINEERING
URL SHORTENING


PHISHING EMAILS
TYPOSQUATTING
MALICIOUS REDIRECTS


PHISHING EMAILS
EMAIL SPOOFING
HIDDEN LINKS


TEST YOUR KNOWLEDGE

Which of the following is a tool or framework often used by attackers to automate and manage complex spear phishing campaigns?
A. Microsoft Excel
B. Adobe Photoshop
C. Gophish
D. Windows Notepad

What is the primary objective of a typosquatting attack?
A. To create a temporary website for a one-time event
B. To trick users who mistype a website address into visiting a malicious or fraudulent site
C. To host a popular online game
D. To buy and resell a domain name at a higher price


ANSWERS

Which of the following is a tool or framework often used by attackers to automate and manage complex spear phishing campaigns?
A. Microsoft Excel
B. Adobe Photoshop
C. Gophish
D. Windows Notepad

What is the primary objective of a typosquatting attack?
A. To create a temporary website for a one-time event
B. To trick users who mistype a website address into visiting a malicious or fraudulent site
C. To host a popular online game
D. To buy and resell a domain name at a higher price


MOBILE-BASED SOCIAL ENGINEERING

DEFINITION
Fraudulent or social engineering attacks on Android or iOS mobile applications and the digital identity of users.

Types of Mobile-Based Social Engineering
Phishing SMS
Vishing
Over-the-Top (OTT) Phishing
Smishing
Email Phishing
Fake Apps


TYPE OF MOBILE-BASED SOCIAL ENGINEERING

Phishing SMS
Fake texts or messages aim to trick victims into revealing sensitive information, such as passwords or financial data.

Over-the-Top (OTT) Phishing
Attackers pose as service providers, asking for personal details or one-time passwords.

Smishing
Similar to phishing, but messages appear more urgent, often with a sense of urgency or alarm.


Vishing
Voice calls or SMSes designed to trick victims into sharing sensitive information.

Email Phishing
An attempt to steal sensitive information via an email that appears to be from a legitimate organization. It is not a targeted attack and can be conducted en masse.

Fake Apps
Malicious apps pretend to be legitimate, gathering personal data or causing malware infections.


TEST YOUR KNOWLEDGE

Which of the following describes a key characteristic of a vishing attack?
A. It redirects users to a fake website through a misspelled URL
B. A scam using social media messages to trick users
C. It relies on a fraudulent text message to steal personal data
D. It leverages voice communication to trick individuals into revealing sensitive information

What is the primary method used in an Over-the-Top (OTT) phishing attack?
A. Using a fake customer service account on a social media platform to send a malicious link
B. Creating a fraudulent website with a common typing error in the domain name
C. Sending a personalized email with a fake invoice to trick the target
D. Sending a text message that contains a malicious link to a fake login page


ANSWERS

Which of the following describes a key characteristic of a vishing attack?
A. It redirects users to a fake website through a misspelled URL
B. A scam using social media messages to trick users
C. It relies on a fraudulent text message to steal personal data
D. It leverages voice communication to trick individuals into revealing sensitive information

What is the primary method used in an Over-the-Top (OTT) phishing attack?
A. Using a fake customer service account on a social media platform to send a malicious link
B. Creating a fraudulent website with a common typing error in the domain name
C. Sending a personalized email with a fake invoice to trick the target
D. Sending a text message that contains a malicious link to a fake login page


2.3 CYBER KILL METHODOLOGY

DEFINITION
The Cyber Kill Methodology is a model that outlines the stages of a cyberattack.
This guide explores each phase of the kill chain, from reconnaissance to execution, and how organizations can use this framework to enhance their security posture.


PHASE 1: RECONNAISSANCE
Definition: Reconnaissance is the first stage in the Cyber Kill Chain and involves researching potential targets before carrying out any penetration testing.
Example: An attacker uses LinkedIn to find employees in a company's IT department or scans a company’s network to find open ports.


PHASE 2: WEAPONIZATION
Definition: The attacker creates a malicious payload (like malware) to exploit the target’s vulnerabilities. The attacker combines their findings from reconnaissance with malicious tools, such as viruses, worms, or ransomware.
Example: Crafting a phishing email with a malicious attachment or link designed to steal login credentials.


PHASE 3: DELIVERY
Definition: The attacker delivers the malicious payload to the target. The payload is delivered through phishing emails, infected USB drives, compromised websites, or other means.
Example: Sending a fake email that looks like it’s from a trusted source, containing a link to download malware.


PHASE 4: EXPLOITATION
Definition: The attacker exploits a vulnerability to execute their payload on the target’s system. Once the malicious payload reaches the system, it takes advantage of flaws to gain access.
Example: Opening a malicious attachment triggers the installation of malware on the victim’s computer.


PHASE 5: INSTALLATION
Definition: The attacker installs malicious software on the compromised system to maintain control. The malware embeds itself in the system, allowing the attacker to operate remotely or remain undetected.
Example: Installing a backdoor or keylogger to capture sensitive information.


PHASE 6: ACTIONS ON OBJECTIVE
Definition: The attacker achieves their ultimate goal, such as stealing data, disrupting services, or damaging systems. Depending on the motive, this could involve exfiltrating sensitive information, encrypting files for ransom, or shutting down critical systems.
Example: An attacker stealing customer credit card data from a retailer’s database or deploying ransomware.


TEST YOUR KNOWLEDGE

During which phase of the Cyber Kill Chain does an attacker leverage a vulnerability to execute a malicious payload on a target system?
A. Reconnaissance
B. Exploitation
C. Delivery
D. Installation

Which of the following is the most common method used in the Delivery phase to transmit a malicious payload to a target?
A. A social media post
B. An automated network scan
C. A physical USB drive
D. A phishing email


ANSWERS

During which phase of the Cyber Kill Chain does an attacker leverage a vulnerability to execute a malicious payload on a target system?
A. Reconnaissance
B. Exploitation
C. Delivery
D. Installation

Which of the following is the most common method used in the Delivery phase to transmit a malicious payload to a target?
A. A social media post
B. An automated network scan
C. A physical USB drive
D. A phishing email


CHAPTER 2
2.4 EXERCISES


FUN EXERCISE

