Exam 312-50v12 All QuestionsBrowse all questions from this exam
Go to Exam
Question 289

Stephen, an attacker, targeted the industrial control systems of an organization. He generated a fraudulent email with a malicious attachment and sent it to employees of the target organization. An employee who manages the sales software of the operational plant opened the fraudulent email and clicked on the malicious attachment. This resulted in the malicious attachment being downloaded and malware being injected into the sales software maintained in the victim's system. Further, the malware propagated itself to other networked systems, finally damaging the industrial automation components.

What is the attack technique used by Stephen to damage the industrial systems?

    Correct Answer: D

    The attack technique used is a spear-phishing attack. This is a targeted phishing attack where the attacker sends a fraudulent email with a malicious attachment to specific individuals within the organization. When the recipient opens the attachment, malware is installed, which then propagates to other systems, causing further damage. In this scenario, Stephen targeted the employees with a fake email, leading to the installation of malware that eventually damaged the industrial systems, fitting the definition of a spear-phishing attack.

Discussion
insaniuntOption: D

D. Spear-phishing attack

GK2205Option: D

Definitely D: They technique is social engineering to inject malware that propagated. Nowhere in the description is a Human-Machine-interface (HMI) discussed

g_man_rapOption: D

D. Spear-phishing attack Description: Spear-phishing is a more targeted form of phishing where the attacker sends crafted emails to specific individuals or organizations. These emails often contain malware or links to malicious websites and are designed to appear legitimate to trick the recipient into performing actions that trigger malware installation or reveal confidential information. This matches Stephen's actions as described, where he sends a fraudulent email with a malicious attachment, directly targeting employees likely to have access to critical systems.

LordXanderOption: D

The only attack that does damage to a ICS system, is HMI-based attack

LordXander

I meant to click on A

anarchyeagleOption: D

ChatGPT: The attack technique used by Stephen to damage the industrial systems is described as a D. Spear-phishing attack. Here's why: Spear-phishing attack: This is a targeted attack where the attacker sends fraudulent emails to specific individuals or organizations to deceive them into clicking on malicious links or attachments. The goal is to gain unauthorized access to systems or to inject malware, as seen in the scenario described. The fact that Stephen generated a fraudulent email with a malicious attachment and targeted employees of the organization, leading to the compromise of their systems, fits the definition of a spear-phishing attack. HMI-based attack: This involves targeting the Human-Machine Interface (HMI) systems that are used to monitor and control industrial processes. While the malware did affect industrial automation components, the initial attack vector was through a phishing email, not a direct attack on HMI systems.

duke_of_kamuluOption: D

spear-pishing attack D Spear Phishing Attackers send fake emails containing malicious links or attachments, seemingly originated from legitimate or well-known sources, to the victim. When the victim clicks on the link or downloads the attachment, it injects malware, starts damaging the resources, and spreads itself to other systems. For example, an attacker sends a fraudulent email with a malicious attachment to a victim system that maintains the sales software of the operational plant. When the victim downloads the attachment, the malware is injected into the sales software, propagates itself to other networked systems, and finally damages industrial automation components.

fridayfred3pOption: A

HMI-based attack. It asks what Stephen used to damage the industrial systems.

500eb22Option: D

HMI-based attack. It asks what Stephen used to damage the industrial systems.