Difficulty: Hard

Average Score: 25%

Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?

Rationale

Creating a false text file in /docs/salaries would attract the attention of a malicious attacker in an insider threat scenario.

This technique is likely to raise suspicion as it involves manipulating sensitive information related to salaries, which can be a target for malicious insiders looking to exploit financial data. Such actions may trigger alerts within security monitoring systems or draw scrutiny from colleagues and management.

A (Creating a false text file in /docs/salaries) CORRECT

This action directly manipulates sensitive organizational data, making it a prime target for malicious insiders. By creating a false text file in a directory associated with salaries, an attacker could potentially mislead others or create a cover for further malicious actions, thus drawing significant attention.

B (Setting weak passwords in /etc/shadow) YOUR ANSWER

While setting weak passwords can compromise security, it may not immediately attract attention unless detected during a security audit or breach. This action is often less visible compared to blatant data manipulation and may go unnoticed until exploited.

C (Scheduling vulnerable jobs in /etc/crontab) YOUR ANSWER

Scheduling vulnerable jobs can indeed pose a security risk; however, it typically requires technical knowledge to identify and exploit. This action might not raise immediate alarms unless users monitor crontab entries closely, making it a more covert method of attack.

D (Adding a fake account to /etc/passwd) YOUR ANSWER

While creating a fake user account can facilitate unauthorized access, it may not be immediately apparent unless system administrators conduct routine checks. This action is more subtle and may evade immediate detection compared to creating a conspicuous false document.

Conclusion

Among the options, creating a false text file in a sensitive directory like /docs/salaries is the most likely action to attract an attacker's attention in an insider threat scenario. It represents a clear manipulation of critical company data, whereas the other options, while potentially harmful, are less likely to raise immediate concern or scrutiny. Understanding the visibility of various malicious actions helps in identifying and mitigating insider threats effectively.

Related Questions

View all