CCT 215: Practice CISSP Questions - JMAGIC Malware and Implementing Secure Design - Voice (Domain 4.3)
Jan 30, 2025

Ready to unlock the secrets of cybersecurity and ace your CISSP exam? Tune in to the latest episode of the CISSP Cyber Training Podcast, where I, Shon Gerber, guide you through the complexities of a groundbreaking malware discovery by Black Lotus Labs. Unearthed in Juniper routers within critical sectors, JMAGIC poses a stealthy threat by lingering in memory and potentially exfiltrating data. As we dissect this sophisticated malware, we'll also address pivotal CISSP exam questions, offering insights into defending against unauthorized access to SS7 signaling systems and the risks associated with unauthorized VoIP calls to premium rate numbers.
Prepare to fortify your telecommunication systems as we uncover strategies to combat vishing, unauthorized PBX call forwarding, and the vulnerabilities of SS7 protocols. You'll learn about leveraging Secure Real-time Transport Protocol (SRTP) for encrypting VoIP communications and employing robust spam filters to counter SPIT. As we wrap up, I’ll provide a tried-and-true CISSP exam preparation blueprint to bolster your confidence and readiness. Whether you're keen on enhancing your cybersecurity prowess or ensuring exam success, this episode is packed with essential knowledge and strategies designed to help you thrive in the ever-evolving cybersecurity landscape.
Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every month for the next 12 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
TRANSCRIPT
Speaker 1:
Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started.
Speaker 2:
Hey, I'm Shon Gerber with CISSP Cyber Training and hope you all are having a beautifully blessed day today. Today is CISSP Question Thursday and we are going to be focused on the questions that are tied to, in this case, domain 4.3 of the ISC2 CISSP Study Guide. And again, as you guys well know, if you go to CISSPcybertraining.com, you can get access to these. This episode you get access to while you're also listening to it on the podcast, but you can get access to the video that's available to you as well at CISSP Cyber Training. If you want content, if you want a step-by-step guide on how to pass the CISSP, you can sign up with CISSP Cyber Training and purchase one of the options available and you will get my blueprint, which will help you step by step as you're studying through the CISSP exam.
Speaker 2:
But, that being set aside, one thing I want to talk about before we get into the training today is an article that I saw in The Register. Now The Register brought up this article about a lab called Black Lotus Labs, and they uncovered a sophisticated backdoor dubbed JMAGIC. Yeah, that's the name. It sounds like you could go a lot of different ways with JMAGIC, but it's targeting Juniper routers in critical sectors, and one of the main factors that they're looking at is the semiconductor industry, energy and manufacturing. They said it's been going on for probably about a year and a half now, and the interesting part about this is it looks extremely, extremely cool and Gucci, but if it's unleashed in the wrong cases, it could be extremely bad.
Speaker 2:
JMAGIC is a variant of the invisible backdoor that operates pretty much stealthily by monitoring network traffic for specific conditions before it'll actually activate. It resides solely in memory. So that's actually a very interesting piece of malware, to reside solely in memory. Why do we say that? Well, because in many cases, if it's sitting in memory, it's very volatile. Because of that, stealth is a main factor, and it will also, once it's engaged, stay persistent. It basically monitors network traffic, waiting for one of five specifically crafted, air quotes, magic packets, and then these will establish an SSL connection with the sender. So that's a pretty substantial aspect. Now, the one thing we do know is that when you're dealing with outbound connections from an organization, SSL or any sort of encrypted traffic, in many cases, in many situations, is not being monitored by the folks within a SOC. And why is that? Because it's encrypted, so you have to put some very specific controls in place to help monitor for this SSL traffic. It then will send a random five-character alphanumeric string, and then it is set up with a hard-coded RSA key. It will decrypt the string using the corresponding private key and then it will send it back. So it's an interesting part. It's designed specifically for exfiltration, obviously, and then to deploy any additional malware that they may have already pre-positioned within the organization. So bottom line is, if you have these Juniper routers within your environment, you may want to take a look at it. It is again targeting folks within the US, UK, Europe and Russia, and they're focused on chip manufacturing and the energy sector. So, just a piece of advice, you may want to just go check that out and see what may or may not be affecting you and your environment.
Speaker 2:
All right, so let's get started on the questions for today. Okay, so the questions for today. We are in group nine again at CISSP Cyber Training. You can go there, and this is one of hundreds of questions that I have available for you to help you study for the exam. Now, as we all mentioned again, taking the CISSP exam questions is an important part of understanding the mindset and thought process behind what would be the individuals asking the questions. But mainly, if you are a CISSP, you are a security professional within an organization. You need to understand the thought process, so the questions are designed to help you understand the thought process. Memorizing questions will not get you the questions you need to pass the test. The ultimate goal of going through question after question after question is to try to think about how a senior professional would think about a specific cybersecurity situation. So we're going to get into the questions.
Speaker 2:
Question one. A telecom provider has reported a sudden increase in call failures across their network. Upon investigation, they discover that unauthorized access was gained to their SS7 signaling system. What is the primary risk associated with this type of attack? So, again, the telecom provider reported a sudden increase in call failures. Upon investigation, they discovered unauthorized access to their SS7 signaling system. What is the primary risk associated with this type of attack? A, eavesdropping on calls and text messages. B, intercepting data packets in the VoIP system. C, exploiting toll fraud in PBX systems. Or D, conducting spam over internet telephony. Yeah, that's it. Let's SPIT, let's SPIT. And the answer is A, eavesdropping on calls and text messages. Right, so we know if you compromise the SS7 signaling protocol, it is a critical part of the operations of a PSTN system, and if you gain access to it you can bypass the controls in place, and then you would have the ability to eavesdrop on calls and messages that are going through that environment. So, again, it's an important part to keep in mind.
Speaker 2:
Question two. An organization notices unusual spikes in VoIP traffic during off hours. Upon inspection, they find that unauthorized calls are being made to premium rate numbers overseas. Which mitigation strategy should be prioritized? Again, the organization notices unusual spikes in VoIP traffic during off hours. What should they do? A, implementing SRTP for voice encryption. B, blocking international and premium rate calls. C, configuring SIP servers with default credentials. Or D, disabling voicemail systems. Again, so they're seeing VoIP traffic during off hours. And the answer is B, blocking international and premium rate calls. Again, blocking unnecessary call destinations such as international or premium rate numbers, depending upon how it's all set up within your organization, is a way that you can effectively reduce, potentially, the risk of toll fraud. Encrypting with SRTP protects confidentiality of voice data, but it does not do anything to prevent unauthorized call routing. And then configuring the SIP servers with default credentials is basically an example of poor security practice, and disabling voicemail just doesn't do anything to this whole conversation.
Speaker 2:
Question three. A user receives a call claiming to be from their bank, asking them to verify their account information. The caller ID displays the legitimate bank's number. What method is the attacker using? Again, they think it's a legitimate call. The user receives a call from their bank asking them to verify the account. Caller ID says it's the legitimate bank number. A, eavesdropping. B, session hijacking. C, caller ID spoofing. Or D, man in the middle. And again the answer is C, caller ID spoofing. Again, it's a tactic where attackers will manipulate caller ID to appear to be coming from a trusted entity, such as in this situation a bank or, potentially, a government agency. This is a vishing attack and it does create a sense of legitimacy and trust. So, therefore, what do you do? Oh, yes, I will give you all of my bank information. So again, keep that in mind. That is caller ID spoofing.
Speaker 2:
Question four. A company discovers that a PBX system has been hacked. The attackers have configured it to forward calls to unauthorized international numbers. What is the best way to prevent this type of fraud in the future? A, use session border controllers. B, encrypt calls using SRTP. C, implement multi-factor authentication for all PBX users. Or D, disable unused extensions and features within, obviously, the PBX system. So, again, a company discovers a PBX system has been hacked and attackers have configured it to forward calls. What should you do? And the answer is D, disable unused extensions and features. Right? So a lot of times what happens is you have these extensions or features that may be out there that you are utilizing, or maybe you're not even utilizing them, and now what ends up happening is attackers will use them for their benefit. So you need to disable these unused features to limit the attack surface and reduce opportunities for exploitation. Again, very important part.
Speaker 2:
Question five. A company implements a program to educate employees on recognizing vishing attempts. Which tactic should employees be taught to recognize as a potential red flag? A, calls requesting immediate payment to avoid account suspension. B, routine calls requesting clarification on account details. C, calls originating from internal numbers. Or D, requests to verify email addresses over the phone. So a company implements a program to educate employees on recognizing vishing attempts. Which tactic should employees be taught to recognize as a red flag? And the answer is A, calls requesting immediate payment to avoid account suspension. Right, phishing attackers will commonly use this sense of urgency, and it's not just them, it's everybody, right? Please do it now or you will lose access. And it's designed to pressure victims into providing sensitive information or making payments, right? And I've had family members do this specifically as well, making a mistake and, oh yeah, sure, I'll pay you. Then they realize at the end of it, oh no, that was a bad idea. Yes.
Speaker 2:
Question six. An attacker intercepts an unencrypted VoIP call and gains access to sensitive corporate discussions. Not good. Which protocol should the company implement to prevent such incidents? They intercept unencrypted VoIP calls. A, Secure Real-time Transport Protocol, SRTP. B, Signaling System 7, SS7. C, Session Initiation Protocol, SIP. Or D, Real-time Transport Protocol, RTP.
Speaker 2:
And the answer is, and we've talked about it it is.
Speaker 2:
A, Secure Real-time Transport Protocol. SRTP encrypts and authenticates real-time audio and video streams, preventing attackers from accessing sensitive data during a VoIP call. It's something you used to have to set up initially. You had to actually go physically and set this up. Now in many cases, I believe, it pretty much comes on as default.
Speaker 2:
Question seven. Which of the following is a primary weakness of older PSTN systems? A, susceptibility to SPIT, spam over internet telephony. B, poor integration with fiber optic networks. C, difficulty in scaling for international use. Or D, vulnerabilities in SS7 signaling protocols. Which of the following is the primary weakness of PSTN systems, which are old as dirt? It is D, SS7 signaling protocols. Again, this is where you rely on SS7 for call routing and signaling, which was designed without modern security. And what happens? Bad things can happen on old PSTN.
Speaker 2:
Question eight. What is the best way to minimize the impact of SPIT on VoIP systems? A, encrypt VoIP using SRTP. B, disable international call features. C, use spam filters to monitor SIP messages. Or D, change default SIP port numbers. And the best way to minimize that is C, use spam filters to monitor SIP messages. So these unsolicited spam calls will be made, and then, obviously, when they're made, these spam filters will analyze these messages and detect, aha, these are spamalicious. So you don't want those, and therefore what will happen? They will go away. Well, actually, you just get an indication saying this might be spam, this might be a scam.
Speaker 2:
Question nine. An attacker uses tones generated by a blue box to manipulate analog phone systems. What specific type of attack does this represent? Again, the attacker uses, air quotes, tones generated by a blue box, or buys a blue box, to manipulate analog phone systems. What kind of attack? B, exploiting in-band signaling. C, voicemail hacking. Or D, denial of service. Using a blue box to manipulate an analog system, it is B, exploiting in-band signaling. Blue boxes exploited vulnerabilities in analog telecommunication systems by generating in-band signaling tones. Right, so that's what they do, and that controls call routing, and then that would bypass the billing system by using this beep boop, boop-boop-boop thing. So that's the exploiting of the in-band systems.
Speaker 2:
Question 10. An organization discovers that attackers have accessed their voicemail system and are using it to receive fraudulent calls for social engineering. What is the most effective mitigation for this type of attack? So, again, an organization discovers that attackers have accessed their voicemail system and are using it to receive fraudulent calls for social engineering. What is the most effective mitigation for this type of attack? A, SRTP to secure voicemail recordings. B, block calls from unrecognized numbers. C, require strong, unique passwords for voicemail access. Or D, disable voicemail access after business hours. And the answer is C, require strong, unique passwords for voicemail access. Again, this is an important part, and you want to make sure you have strong voicemail passwords. Have a spreadsheet saying, yes, CEO is 1234, the CIO is 4321, the CFO is 12225. You don't want to have that in a spreadsheet sitting on somebody's desk or in their computer because, yeah, that kind of bypasses the whole product.
Speaker 2:
Question 11. An employee receives a call from someone claiming to be from the IT department, uh-huh, requesting the employee's login credentials to resolve a system issue. I've used this a lot. And I'll make the internet go faster. Just give me your credentials. It'll work, I promise you. What is the best immediate response for the employee? A, hang up and report the call to IT security. B, provide the credentials if the caller ID matches IT's number. C, verify the call by asking for their supervisor's number. Or D, ignore the request but stay on the call to gather more information. You maybe could have a buddy, you could talk to them a little bit more, and their friend from Uganda or wherever. No. So you want to A, hang up and report the call to IT security. Yes, it's a phishing attempt. Terminate the transaction and report it as quickly as you possibly can. Again, that's a big question mark there. It's kind of interesting. All right, not really a question mark, it's a statement. Sorry, that was kind of weird.
Speaker 2:
Question 12. An attacker exploits a PBX system to route international calls for free. The company suspects that the PBX system was not properly secured. What action would have likely prevented this issue? So again, an attacker exploits a PBX system to route international calls for free. The company suspects the PBX was not properly secured. What action would likely have prevented this issue? A, updating the PBX firmware regularly. B, using intrusion detection systems, IDSs, to monitor the calls. C, enforcing least privilege for administrative users. Or D, restricting outbound call permissions to authorized users only. And the answer is D, yes. Restricting outbound calls to specific users or departments will limit the ability of attackers to exploit PBX systems for toll fraud. That again means you've got to set it up, and what is probably the case now in many ways is your PBX system was set up by somebody my age and they've all moved on to the nursing care homes and now nobody knows how to set the darn thing up. So guess what? You're going to have to figure it out. But the good thing is you have the internet and there's lots of online resources to help you. So get right in there to your PBX system.
Speaker 2:
Question 13. Which of the following VoIP system configurations can most effectively reduce SPIT attacks? I just like to say that, the SPIT attack. A, implementing SIP-specific firewalls with spam detection. B, changing default SIP ports to non-standard ones. C, encrypting SIP communications with TLS. Or D, disabling call forwarding features. Okay. So which of the following VoIP system configurations can most effectively reduce SPIT attacks? And the answer is A, implementing SIP-specific firewalls with spam detection. So if you don't know, just know that a SPIT attack deals with spam. So focus on that and then utilize that in the question. If you don't know, narrow it down to the ones that you may feel comfortable with, that it's probably this or it's close to this. Again, like I say, these questions, you may or may not see them on the CISSP exam. The ultimate goal is for you just to understand that they do exist.
Speaker 2:
Question 14. Why are legacy telecommunication systems more susceptible to phreaking attacks than modern systems? Again, which ones are more susceptible to phreaking attacks than the modern systems? A, legacy systems lack signaling protocols entirely. B, legacy systems rely heavily on encryption to secure calls. C, legacy systems use in-band signaling, which is easier to exploit. And D, legacy systems allow unlimited call forwarding. So all of those may have something in there, but the one that is most susceptible, and why they're most susceptible, is C, legacy systems use in-band signaling, which is easier to exploit, because we kind of talked about this a few times in this discussion. By doing that, they're sending the signals over the same channel as the voice data, making it easier for attackers to manipulate these signals with tools such as blue boxes. Again, that's one of the legacy systems.
Speaker 2:
Question 15. A company notices unusual patterns in its call logs, with high volumes of calls to specific international numbers. What is the most effective first step in addressing this issue? Okay, so again you notice that now it's going to all kinds of international numbers. And what should you do? A, block all international calls immediately. Yes, that is taking a sledgehammer to the problem. It will work, but it may not be the most important. B, audit PBX call logs and identify unauthorized activity. C, enable encryption on VoIP traffic. Okay. And then D, change administrative passwords for the PBX system.
Speaker 2:
Okay, so you're noticing unusual call logs and high volumes to specific international numbers. What is the first step you should take? The first step would be to audit PBX call logs and identify the unauthorized activity. You want to understand what's going on. You've got to audit it, look at it and figure out, hey, this is not good, we need to deal with this. Then, after you deal with that problem, you may want to change administrative passwords, enable encryption, all those types of fun things you may want to do in the future, but the first thing is audit it and figure out what kind of problem you have. Houston, we have a problem, and you want to get that word out and addressed as quickly as possible. Okay, that is all I have for you today on CISSP Cyber Training.
Speaker 2:
Head on over to CISSP Cyber Training. I've got 360 free questions for you at CISSP Cyber Training. You can go to FreeCISSPQuestions.com, you can go to cisspquestion or CISSPcybertraining.com. Just go Google it. You'll find it, Googly-woogly, and there's 360 free questions for you that are passed out over a period of six months, and you'll get those in bulk. Basically every two weeks you'll get some. So, as you're studying, you'll be ready to go.
Speaker 2:
If you want a plan, a plan to help you step-by-step to get ready to pass the CISSP exam, you need to sign up with CISSP Cyber Training. You can purchase one of my products that I have, and then what it'll do is it'll give you access to my blueprint, and my blueprint is the bomb. It will help you step-by-step on what you need to do to be better prepared for the exam. If you walk through my blueprint, well, everybody that has walked through my blueprint has passed the CISSP exam. The key is that the ones that have used my blueprint, they pass it. The ones that don't use it, well, that's up for grabs. You just never know. The bottom line is, go to CISSP Cyber Training and check it out. You also can go to reducecyberrisk.com and you can also check that out if you're looking for a consultant.
Speaker 2:
I've got the ability to help you there as well. Lots of great stuff available. Again, go check out CISSPcybertraining.com and get access to 360 free questions for you to help cram for the CISSP. Have a wonderful day, y'all. We'll catch you all on the flip side. See ya.