Lack of Data Visibility in Detecting Cyber Attacks | Understanding Cisco Cybersecurity Operations Fundamentals

Causes of Data Visibility Issues in Cyber Attack Detection

Question

An employee reports that someone has logged into their system and made unapproved changes, files are out of order, and several documents have been placed in the recycle bin.

The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred.

The software is up to date; there are no alerts from antivirus and no failed login attempts.

What is causing the lack of data visibility needed to detect the attack?

Options

A. The threat actor used a dictionary-based password attack to obtain credentials.
B. The threat actor gained access to the system by using known credentials.
C. The threat actor used the teardrop technique to confuse and crash login services.
D. The threat actor used an unknown vulnerability in the operating system that went undetected.

Answer

B.

The scenario removes every noisy signal a defender normally relies on: the software is patched, antivirus is silent, and the logs contain no failed logins. Whatever happened left only the footprint of ordinary use. The question is which option produces exactly that footprint, so each one is considered against the evidence.

Option A suggests that the threat actor used a dictionary-based password attack to obtain credentials. A dictionary attack works by submitting many candidate passwords until one succeeds, and every wrong guess is recorded as a failed logon (on Windows, for example, an Event ID 4625 for each failure before the eventual 4624). The scenario states explicitly that there were no failed login attempts, so the logs do not show the trail a dictionary attack leaves. Option A is contradicted by the evidence rather than merely unproven.

Option B suggests that the threat actor gained access to the system by using known credentials, obtained by some means that did not touch this system: phishing, a password reused from a breached site, a shared or written-down password, or social engineering. A logon with a valid username and password is recorded as a normal successful logon by the legitimate account. No failed attempt precedes it, no malware is dropped, and no vulnerability is exploited, so antivirus stays quiet, the patch level is irrelevant, and a log review finds nothing that looks different from the employee's own activity. This is precisely the situation described: the attack happened, but the data needed to distinguish it from legitimate use was never generated. Catching it requires context the basic logs lack, such as the source host, logon type, and time of day compared against the account's normal baseline.

Option C suggests that the threat actor used the teardrop technique to confuse and crash login services. Teardrop is a denial-of-service attack that sends overlapping IP fragments to crash a vulnerable TCP/IP stack; modern, up-to-date systems are not affected, and a crash would itself be visible in the logs. It does not grant access, and it cannot explain an interactive session that rearranged files and moved documents to the recycle bin.

Option D suggests that the threat actor used an unknown vulnerability in the operating system that went undetected. A zero-day cannot be ruled out by patch level or antivirus alone, but it is the weaker explanation here. Exploitation usually leaves some trace (an unexpected process, a crash, a network connection, or memory artifacts that forensic analysis could recover), and the scenario is fully explained by a simpler mechanism without assuming an undisclosed flaw. The observed activity, an interactive session tidying files in the user's own profile, is what a logged-in user does, not what an exploit payload typically does.

In conclusion, option B is the correct answer. The threat actor authenticated with valid credentials, so every event the system recorded looks like the legitimate user at work: a successful logon, file operations, and nothing else. The lack of visibility is not a logging failure but the absence of any event that separates the intruder from the employee. Options A and C would each have produced log evidence (failed logons, a service crash) that the scenario says is absent, and option D assumes an unknown exploit where a known-credential logon already accounts for everything observed. Detecting this class of intrusion depends on enriching the logon data with context, such as the source workstation, logon type, and time of day compared with the account's normal pattern.
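The following is an added example, not part of the original question or its explanation, to show concretely why a known-credential logon (option B) slips past the check that would catch a dictionary attack (option A), and what extra context makes it visible. The log lines, host names, account name, timestamps and the per-account baseline are all constructed for the example; the record layout is a simplified stand-in for Windows Security events, where 4625 is a failed logon and 4624 a successful one.

```python
"""Contrast a failed-logon burst rule with a baseline-deviation rule.

All sample data below is constructed for illustration; the line format
is a simplified stand-in for Windows Security logon events
(4625 = failed logon, 4624 = successful logon).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log: a dictionary attack leaves six failures before success.
DICTIONARY_ATTACK_LOG = [
    "2024-03-04T02:10:01 4625 user=jdoe src=WS-FINANCE-07 type=3",
    "2024-03-04T02:10:02 4625 user=jdoe src=WS-FINANCE-07 type=3",
    "2024-03-04T02:10:03 4625 user=jdoe src=WS-FINANCE-07 type=3",
    "2024-03-04T02:10:04 4625 user=jdoe src=WS-FINANCE-07 type=3",
    "2024-03-04T02:10:05 4625 user=jdoe src=WS-FINANCE-07 type=3",
    "2024-03-04T02:10:06 4625 user=jdoe src=WS-FINANCE-07 type=3",
    "2024-03-04T02:10:07 4624 user=jdoe src=WS-FINANCE-07 type=3",
]

# Constructed log: known credentials produce one clean successful logon.
KNOWN_CREDENTIALS_LOG = [
    "2024-03-04T02:13:41 4624 user=jdoe src=WS-FINANCE-07 type=10",
]

# Constructed baseline: the hosts and hours this account normally uses.
BASELINE = {"jdoe": {"hosts": {"WS-JDOE"}, "hours": range(7, 20)}}


def parse(lines):
    """Turn 'time event_id key=value ...' lines into event dicts."""
    events = []
    for line in lines:
        ts, eid, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(eid),
            "user": fields["user"],
            "src": fields["src"],
            "type": int(fields["type"]),
        })
    return events


def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Classic brute-force rule: threshold or more 4625s for one
    user/source pair inside the time window. Returns flagged pairs."""
    failures = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625:
            failures[(e["user"], e["src"])].append(e["time"])
    flagged = []
    for key, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.append(key)
                break
    return flagged


def anomalous_successes(events, baseline):
    """Baseline rule: flag 4624s from an unknown source host or outside
    the account's usual hours. Returns (user, src, reason) tuples."""
    flagged = []
    for e in events:
        if e["event_id"] != 4624:
            continue
        profile = baseline.get(e["user"])
        if profile is None:
            flagged.append((e["user"], e["src"], "no baseline"))
            continue
        reasons = []
        if e["src"] not in profile["hosts"]:
            reasons.append("unknown source host")
        if e["time"].hour not in profile["hours"]:
            reasons.append("outside usual hours")
        if reasons:
            flagged.append((e["user"], e["src"], ", ".join(reasons)))
    return flagged


if __name__ == "__main__":
    for name, log in (("dictionary attack", DICTIONARY_ATTACK_LOG),
                      ("known credentials", KNOWN_CREDENTIALS_LOG)):
        ev = parse(log)
        print(f"{name}: failed-logon rule -> {failed_logon_bursts(ev)}")
        print(f"{name}: baseline rule -> {anomalous_successes(ev, BASELINE)}")
```

Run over the dictionary-attack log, the failed-logon rule fires; over the known-credentials log it returns nothing, which is the scenario's "no failed login attempts". Only the baseline rule, which needs the source host and the account's normal hours as extra context, flags the single successful logon from an unfamiliar workstation at 02:13. The visibility gap is in the data collected, not in the rule logic.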