B.

Side-channel attack

C. Whaling and Targeted Attacks

Answer DescriptionExplanation: Whaling is an advanced social engineering technique that targets high-profile individuals, such as executives, managers, or celebrities, by impersonating them or someone they trust, such as a colleague, partner, or vendor. The attacker creates a fake Linkedin profile, pretending to be a high-ranking official from a well-established company, and uses it to connect with other employees within the organization. The attacker then leverages the trust and authority of the fake profile to gain access to exclusive corporate events and proprietary project details shared within the network. This way, the attacker can launch targeted attacks against the organization, such as stealing sensitive data, compromising systems, or extorting money.

The most likely immediate threat to the organization is the loss of confidential information and intellectual property, which can damage the organization’s reputation, competitiveness, and profitability. The attacker can also use the information to launch further attacks, such as ransomware, malware, or sabotage, against the organization or its partners and customers.

The other options are not as accurate as whaling for describing this scenario. Pretexting is a social engineering technique that involves creating a false scenario or identity to obtain information or access from a victim. However, pretexting usually involves direct communication with the victim, such as a phone call or an email, rather than creating a fake Linkedin profile and connecting with the victim’s network. Spear phishing is a social engineering technique that involves sending a personalized and targeted email to a specific individual or group, usually containing a malicious link or attachment. However, spear phishing does not involve creating a fake Linkedin profile and connecting with the victim’s network.

Baiting and involuntary data leakage are not social engineering techniques, but rather possible outcomes of social engineering attacks. Baiting is a technique that involves offering something enticing to the victim, such as a free download, a gift card, or a job opportunity, in exchange for information or access. Involuntary data leakage is a situation where the victim unintentionally or unknowingly exposes sensitive information to the attacker, such as by clicking on a malicious link, opening an infected attachment, or using an unsecured network.

References:
Whaling: What is a whaling attack?
Advanced Social Engineering Attack Techniques
Top 8 Social Engineering Techniques and How to Prevent Them

D. Apply asymmetric encryption with RSA and use the private key for signing.

Answer Description

B.

Stealth/Tunneling virus

A.

Spear-phishing attack

B. Use Hping3 for an ICMP ping scan on the entire subnet, then use Nmap for a SYN scan on identified active hosts, and finally use Metasploit to exploit identified vulnerabilities

Answer Description

A.

-sA

C.

Weaponization

Answer Description

Explanation: Weaponization
The adversary analyzes the data collected in the previous stage to identify the
vulnerabilities and techniques that can exploit and gain unauthorized access to the
target organization. Based on the vulnerabilities identified during analysis, the
adversary
selects or creates a tailored deliverable malicious payload (remote-access malware
weapon) using an exploit and a backdoor to send it to the victim. An adversary may
target specific network devices, operating systems, endpoint devices, or even
individuals within the organization to carry out their attack. For example, the
adversary
may send a phishing email to an employee of the target organization, which may
include a malicious attachment such as a virus or worm that, when downloaded,
installs a backdoor on the system that allows remote access to the adversary. The
following are the activities of the adversary: o Identifying appropriate malware
payload based on the analysis o Creating a new malware payload or selecting,
reusing, modifying the available malware payloads based on the identified
vulnerability
o Creating a phishing email campaign o Leveraging exploit kits and botnets
https://en.wikipedia.org/wiki/Kill_chain
The Cyber Kill Chain consists of 7 steps: Reconnaissance, weaponization, delivery,
exploitation, installation, command and control, and finally, actions on objectives. Below
you can find detailed information on each.
1. Reconnaissance: In this step, the attacker/intruder chooses their target. Then they
conduct in-depth research on this target to identify its vulnerabilities that can be exploited.
2. Weaponization: In this step, the intruder creates a malware weapon like a virus, worm,
or such to exploit the target's vulnerabilities. Depending on the target and the purpose of
the attacker, this malware can exploit new, undetected vulnerabilities (also known as the
zero-day exploits) or focus on a combination of different vulnerabilities.
3. Delivery: This step involves transmitting the weapon to the target. The intruder/attacker
can employ different USB drives, e-mail attachments, and websites for this purpose.
4. Exploitation: In this step, the malware starts the action. The program code of the
malware is triggered to exploit the target’s vulnerability/vulnerabilities.
5. Installation: In this step, the malware installs an access point for the intruder/attacker.
This access point is also known as the backdoor.
6. Command and Control: The malware gives the intruder/attacker access to the
network/system.
7. Actions on Objective: Once the attacker/intruder gains persistent access, they finally
take action to fulfill their purposes, such as encryption for ransom, data exfiltration, or even
data destruction.