Damage To An Organization Or Government

Please answer the two questions 1 & 2 And write a response to 3 & 4. A total of 4 paragraphs. Thanks.
1. If you were to plan an information security attack, what type of attack would you conduct and how would you plan it? Why would you choose this type of attack?
2. What type of malware attack do you think can cause the most damage to an organization or government? (choose one). What do you think are the most exploitable weaknesses in their defense?
3. Please write a response to this:
I think that works will cause the most damage to an organization or government.
Worms are programs that can self-replicate and spread through a variety of means, such as emails. Once on a system, the worm will search for some form of contacts database or file sharing system and send itself out as an attachment. When in email form, the attachment is part of an email that looks like it’s from the person whose computer was compromised.
The goal of many malware programs is to access sensitive data and copy it. Some highly-advanced malwares can autonomously copy data and send it to a specific port or server that an attacker can then use to discreetly steal information.
Hackers have many ways of taking advantage of cyber security vulnerabilities. A few of their many techniques can include:
Crypting Services – the encryption of malware to obscure it and make it difficult to detect.
Crimeware – the buying and selling of malware on the “Dark Web,” a black market for cyber criminals. Crimeware is software designed to enable other people (typically those with minimal technical skills) to become cyber criminals.
Remote Administration Tools (RATs) – this type of malware, once activated, grants hackers control over the infected computer. The attacker can then proceed to steal data from the machine, render it inoperable, use the camera and so forth.
Keyloggers – malware that tracks keystrokes, enabling the attacker to eavesdrop on confidential conversations and steal login credentials.
4. Please write a response to this:
The mode of attack I'll shoot for is phishing attack within the company. The question is what type of phishing attack would I choose? The whale phishing attack. A whaling attack is a spear phishing attack against a high-level executive. This is usually a C-level employee, like a Chief Executive or Chief Financial Officer. Since I'll be the head of security within the business the CFO won't suspect that I'm the one committing the cyber crime.
Whaling attacks can yield high rewards. Attackers spend substantial time and effort on the attack. They may use social engineering to get personal details. They research the company to learn the names and achievements of different employees. These details are used to exploit the target’s trust. If the target trusts the attacker, they are more likely to comply.
Impersonation: Another common tactic is the use of impersonation. A hacker can use details from the corporation to impersonate a higher official. For example, an attacker might pose as a senior manager and ask for an employee payroll report. Or, they may pretend to be a fellow employee known by the target. Often, the email address is spoofed – or faked – to look authentic. Spoofing can include a valid-looking email address and company logos.
Whaling attacks are more difficult to detect than typical phishing attacks because they are so highly personalized and are sent only to select targets within a company. Whaling attacks can rely solely on social engineering to fool their targets, though some cases will use hyperlinks or attachments to infect victims with malware or solicit sensitive information.
Resource
What is a Whaling Attack? Identify & Prevent Whale Phishing ( D, Tucakov) 2019 Retrieved from https://phoenixnap(dot)com/blog/what-is-whaling-attack-prevention
WHAT IS A WHALING ATTACK? DEFINING AND IDENTIFYING WHALING ATTACKS ( N, Giundomenico) 2017 Retrieved from https://digitalguardian(dot)com/blog/what-whaling-attack-defining-and-identifying-whaling-attacks