1.2 Types of Cybersecurity Threats:

Cybersecurity threats come in different forms and can cause severe harm to individuals, organizations, and even governments. Here are some of the most common types of cybersecurity threats:

  1. Malware: Malware is short for malicious software. It is any software that is designed to damage, disrupt, or gain unauthorized access to a computer system. There are several types of malware, including:
  • Viruses: These are computer programs that replicate themselves and spread from one computer to another.
  • Trojans: These are programs that pretend to be legitimate software but are actually designed to damage, disrupt, or steal data.
  • Worms: These are self-replicating programs that spread over a network and can cause significant damage.
  • Ransomware: This is a type of malware that encrypts the victim's files, making them inaccessible until a ransom is paid.
  1. Social engineering: Social engineering is the use of deception to manipulate individuals into divulging sensitive information or performing actions that are against their best interests. Some common social engineering techniques include:
  • Phishing: This is the use of fraudulent emails or websites to trick people into giving away sensitive information.
  • Baiting: This is the use of physical media, such as USB drives or CDs, to trick people into installing malware or giving away sensitive information.
  • Pretexting: This is the use of false pretenses to gain access to sensitive information.
  1. Insider threats: Insider threats are cybersecurity threats that originate from within an organization. This can include current or former employees, contractors, or business partners. Insider threats can be intentional or accidental and can be caused by negligence, malice, or ignorance.
  2. Advanced persistent threats (APTs): APTs are sophisticated attacks that are specifically designed to gain access to sensitive information over an extended period. APTs are typically carried out by well-funded and highly skilled cybercriminals or nation-states.
  3. Denial-of-service (DoS) attacks: A DoS attack is an attempt to overwhelm a computer system or network with traffic, rendering it inaccessible to users. These attacks can be carried out by a single attacker or a group of attackers and can be extremely disruptive.

 

Quizes for Topic 2:

Single
Choice
Multiple
Choice
"Free"
Choice
Sorting
Choice
Matrix 
Sorting
Fill in the
Blank
Assessment
(Survey)

What is malware?

A type of social engineering technique
A type of advanced persistent threat
Malicious software
A type of denial-of-service attack

Which type of social engineering technique uses fraudulent emails or websites?

Baiting
Pretexting
Phishing
Malware

What are insider threats

Cybersecurity threats that originate from outside an organization
Cybersecurity threats that originate from within an organization
Cybersecurity threats that target individuals on social media
Cybersecurity threats that target mobile devices

What is a denial-of-service (DoS) attack?

An attempt to gain unauthorized access to a computer system
A type of social engineering technique
A type of advanced persistent threat
An attempt to overwhelm a computer system or network with traffic, rendering it inaccessible to users

What is a denial-of-service (DoS) attack?

An attempt to gain unauthorized access to a computer system
A type of social engineering technique
A type of advanced persistent threat
An attempt to overwhelm a computer system or network with traffic, rendering it inaccessible to users

Which of the following are types of malware? (Select all that apply)

Viruses
Worms
Trojan horses
Ransomware
Spyware

Which of the following is a social engineering attack that involves creating a sense of urgency or panic to trick someone into divulging sensitive information or performing an action?

Phishing
Pretexting
Baiting
Scareware

What are insider threats? (Select all that apply)

Cybersecurity threats that originate from outside an organization
Cybersecurity threats that originate from within an organization
Cybersecurity threats that target individuals on social media
Cybersecurity threats that target mobile devices
Intentional or unintentional actions by employees, contractors, or partners that compromise the confidentiality, integrity, or availability of an organization's information

What are advanced persistent threats (APTs)?

Simple attacks that target a single computer
Unsophisticated attacks carried out by amateur hackers
Sophisticated attacks that are specifically designed to gain access to sensitive information over an extended period
Attacks that overload a computer system or network with traffic

Which of the following is a type of denial-of-service (DoS) attack? (Select all that apply)

Flooding a network with a high volume of traffic to cause it to crash
Sending malicious emails to trick people into revealing sensitive information
Installing malware on a network to steal data
Using a botnet to launch simultaneous attacks on multiple targets

______ is a type of malware that can spread by attaching itself to files and programs.

viruses
Hint:
viruses

______ is a social engineering attack that involves tricking someone into divulging sensitive information or performing an action by creating a sense of urgency or panic.

scareware
Hint:
scareware

Insider threats can be intentional or unintentional actions by ______ , contractors, or partners that compromise the confidentiality, integrity, or availability of an organization's information.

employees
Hint:
employees
  1. Advanced persistent threats (APTs) are ______ attacks that are specifically designed to gain access to sensitive information over an extended period. Answer: SOPHISTICATED
sophisticated
Hint:
sophisticated

______ is a type of denial-of-service (DoS) attack that floods a network with a high volume of traffic to cause it to crash.

flooding
Hint:
flooding

Sort the following types of cybersecurity threats in order of severity, from most severe to least severe:

Malware
Social engineering
Insider threats
Hint:
Malware
Social engineering
Insider threats

Arrange the different types of malware in order of the level of damage they can cause, from most damaging to least damaging:

Worms
Ransomware
Trojans
Viruses
Hint:
Worms
Ransomware
Trojans
Viruses

Which type of social engineering technique involves the use of fraudulent emails or websites to trick people into giving away sensitive information?

Phishing
Baiting
Pretexting
Hint:
Phishing
Baiting
Pretexting

What are insider threats in cybersecurity?

Cybersecurity threats that originate from outside an organization
Cybersecurity threats that originate from within an organization
Cybersecurity threats caused by natural disasters
Hint:
Cybersecurity threats that originate from outside an organization 
Cybersecurity threats that originate from within an organization 
Cybersecurity threats caused by natural disasters

What is the primary goal of cybersecurity?

To protect against all types of cyber attacks
To protect the confidentiality, integrity, and availability of data
To ensure that no one can access a computer system without permission
Hint:
To protect against all types of cyber attacks 
To protect the confidentiality, integrity, and availability of data 
To ensure that no one can access a computer system without permission

Match the type of cybersecurity threat with its definition:

A type of cyber threat that tricks victims into giving away sensitive information
Malware
A type of cyber threat that involves malicious software that can harm computer systems
Social engineering
A type of cyber threat that involves an attack by a hacker who gains access to a network and remains undetected for a long period of time
Insider threats
A type of cyber threat that comes from within an organization, often by an employee who has authorized access to company data
Advanced persistent threats
A type of cyber threat that floods a network with traffic to make it unusable
Denial-of-service attacks
Hint:
A type of cyber threat that tricks victims into giving away sensitive information ➢Malware
A type of cyber threat that involves malicious software that can harm computer systems ➢ Social engineering
A type of cyber threat that involves an attack by a hacker who gains access to a network and remains undetected for a long period of time ➢ Insider threats 
A type of cyber threat that comes from within an organization, often by an employee who has authorized access to company data ➢ Advanced persistent threats
A type of cyber threat that floods a network with traffic to make it unusable ➢ Denial-of-service attacks

Match the following types of malware with their definitions:

A type of malware that is designed to replicate itself and spread from computer to computer
Viruses
A type of malware that is disguised as legitimate software, but is designed to steal information or harm computer systems
Trojans
A type of malware that is designed to spread quickly through a network, often causing damage as it goes
Worms
A type of malware that locks a user out of their computer or files until a ransom is paid
Ransomware
Hint:
A type of malware that is designed to replicate itself and spread from computer to computer ➢ Viruses 
A type of malware that is disguised as legitimate software, but is designed to steal information or harm computer systems ➢ Trojans
A type of malware that is designed to spread quickly through a network, often causing damage as it goes ➢ Worms
A type of malware that locks a user out of their computer or files until a ransom is paid ➢ Ransomware

Match the following social engineering attacks with their definitions:

A type of social engineering attack that involves sending emails or messages that appear to be from a legitimate source in order to trick victims into revealing sensitive information
Phishing
A type of social engineering attack that involves leaving a bait, such as a USB drive, in a public place in order to entice someone to pick it up and plug it into their computer
Baiting
A type of social engineering attack that involves creating a fake scenario or persona in order to trick victims into revealing sensitive information
Pretexting
Hint:
A type of social engineering attack that involves sending emails or messages that appear to be from a legitimate source in order to trick victims into revealing sensitive information ➢ Phishing 
A type of social engineering attack that involves leaving a bait, such as a USB drive, in a public place in order to entice someone to pick it up and plug it into their computer ➢ Baiting 
A type of social engineering attack that involves creating a fake scenario or persona in order to trick victims into revealing sensitive information ➢ Pretexting

Match the following insider threats with their definitions:

An insider threat that involves stealing sensitive data from an organization and using it for personal gain
Data theft
An insider threat that involves intentionally damaging or disrupting an organization's systems or operations
Sabotage
An insider threat that involves unintentionally causing harm or damage to an organization's systems or operations
Negligence
Hint:
An insider threat that involves stealing sensitive data from an organization and using it for personal gain ➢ Data theft
An insider threat that involves intentionally damaging or disrupting an organization's systems or operations ➢ Sabotage
An insider threat that involves unintentionally causing harm or damage to an organization's systems or operations ➢ Negligence

Match the following denial-of-service attacks with their definitions:

A type of DoS attack that floods a network with traffic in order to make it unusable
Network-based attacks
A type of DoS attack that targets specific applications or services in order to make them unavailable
Application-based attacks
A type of DoS attack that involves using multiple sources to flood a network with traffic
Distributed attacks
Hint:
A type of DoS attack that floods a network with traffic in order to make it unusable ➢ Network-based attacks 
A type of DoS attack that targets specific applications or services in order to make them unavailable ➢ Application-based attacks
A type of DoS attack that involves using multiple sources to flood a network with traffic ➢ Distributed attacks

Fill in the blank:

{viruses} is a type of malware that can spread by attaching itself to files and programs.

Hint:
viruses

Fill in the blank:

{scareware} is a social engineering attack that involves tricking someone into divulging sensitive information or performing an action by creating a sense of urgency or panic.

Hint:
scareware

Fill in the blank:

Insider threats can be intentional or unintentional actions by {employees}, contractors, or partners that compromise the confidentiality, integrity, or availability of an organization's information.

Hint:
employees

Fill in the blank:

  1. Advanced persistent threats (APTs) are {sophisticated} attacks that are specifically designed to gain access to sensitive information over an extended period. Answer: SOPHISTICATED
Hint:
sophisticated

Fill in the blank:

{flooding} is a type of denial-of-service (DoS) attack that floods a network with a high volume of traffic to cause it to crash.

Hint:
flooding

Have you ever fallen victim to a phishing attack?

{ [Yes] [No] }

How often do you update your anti-virus software?

{ [Daily] [Weekly] [Monthly] [Rarely] [Never] }

Have you ever witnessed an insider threat in your workplace?

{ [Yes] [No] [Not Sure] }

Have you or anyone you know been a victim of ransomware?

{ [Yes] [No] [Not Sure] }

How familiar are you with denial-of-service (DoS) attacks? (Very Familiar/Somewhat Familiar/Not Familiar At All)

{ [Very Familiar] [Somewhat Familiar] [Not Familiar At All] }
Copyright © TrueTandem