secPlus+


Match the description with the most accurate attack type.

- Attacker obtains bank account number and birth date by calling the victim


x : On-path On-path attacks are quite effective because the attacker can often sit invisibly between two devices and gather useful information or modify the data streams in real-time.
: Vishing Social engineering over the telephone continues to be an effective attack vector, and obtaining personal information such as a bank account or birth date would be considered phishing over voice, or vishing.
x : DDoS A DoS (Denial of Service) occurs when a service is unavailable due to the effects of a third-party. A DDoS (Distributed Denial of Service) occurs when multiple third-parties work together to create a service outage.
x : Supply Chain A supply chain attack infects part of the product manufacturing process in an attempt to also infect everything further down the chain. An industry trade event would not be a common vector for a supply chain attack.
x : Spoofing Spoofing happens any time a device pretends to be another device. If a DNS server has been modified to hand out the IP address of a different server, then it's spoofing the IP address of the attacker.
x : Hoax Computer hoaxes
  • A threat that doesn't actually exist
    • But they seem like they COULD be real
  • Still often consume lots of resources
    • Forwarded email messages, printed memorandums, wasted time
  • Often an email
    • Or Facebook wall post, or tweet, or...
  • Some hoaxes will take your money
    • But not through electronic means
  • A hoax about a virus can waste as much time as a regular virus
De-hoaxing
  • It's the Internet. Believe no one.
    • Consider the source
  • Cross reference
    • http://www.hoax-slayer.net
    • http://www.snopes.com
  • Spam filters can help
    • There are so many other ways...
  • If it sounds too good to be true...
    • So many sad stories
x : Spam Spam
  • Unsolicited messages
    • Email, forums, etc.
    • Spam over Instant Messaging (SPIM)
  • Various content
    • Commercial advertising
    • Non-commercial proselytizing
    • Phishing attempts
  • Significant technology issue
    • Security concerns
    • Resource utilization
    • Storage costs
    • Managing the spam
x : Social Engineering Secure Network Time Protocol (NTPsec).
Time synchronization
  • Classic NTP has no security features
    • Exploited as amplifiers in DDoS attacks
    • NTP has been around prior to 1985
  • NTPsec
    • Secure network time protocol
    • Began development in June of 2015
  • Cleaned up the code base
    • Fixed a number of vulnerabilities
x
x
x
x
x
x
x