(ISC)2 Certified in Cybersecurity Practice Exam

What type of cyber attack is characterized by targeting high-level officials to authorize large fund transfers?

• A. Phishing Attack
• B. Malware Attack
• C. Whaling Attack
• D. DDoS Attack

The correct answer is: Whaling Attack

In the context of cyber attacks, the term "whaling" specifically refers to the exploitation of high-profile targets within an organization, such as executives and other high-ranking officials. This method is taken from the analogy of "whales" being large, high-value targets, unlike typical phishing which might target a broader audience without distinguishing based on seniority. Whaling attacks often involve crafting very sophisticated and personalized phishing messages that appear legitimate, convincing the target to authorize fraudulent transactions or access sensitive information. Because of the prominence of these individuals, the stakes are much higher, and the impact of successful attacks can have significant consequences for the organization. The other types of attacks mentioned, while they encompass various techniques used by cyber adversaries, do not typically focus on high-level officials or the specific goal of large fund transfers. Phishing can target anyone, malware infections can occur without specifically targeting top executives, and DDoS attacks aim to overwhelm a network rather than trick individuals into authorizing transactions. Thus, whaling is the most fitting term for this specific behavior of targeting high-level officials for fraudulent monetary transactions.