Attacks, Concepts and Techniques Flashcards
Module 2 (36 cards)
any code that can be used to steal data, bypass access controls, or cause harm to or compromise a system
Malware
Designed to track and spy on you. Monitors your online activity and can log every key you press on your keyboard, as well as capture almost any of your data, including sensitive personal information such as your online banking details. It often bundles itself with legitimate software or Trojan horses.
Spyware
often installed with some versions of software and is designed to automatically deliver advertisements to a user, most often on a web browser.
Adware
used to gain unauthorized access by bypassing the normal authentication procedures to access a system. As a result, hackers can gain remote access to resources within an application and issue remote system commands. Works in the background and is difficult to detect.
Backdoor
designed to hold a computer system or the data it contains captive until a payment is made. Usually works by encrypting your data so that you can’t access it.
Ransomware
uses ‘scare’ tactics to trick you into taking a specific action.
Scareware
designed to modify the operating system to create a backdoor, which attackers can then use to access your computer remotely. Takes advantage of software vulnerabilities to gain access to resources that normally shouldn’t be accessible (privilege escalation) and modify system files.
Rootkit
a type of computer program that, when executed, replicates and attaches itself to other executable files, such as a document, by inserting its own code. Requires end-user interaction to initiate activation and can be written to act on a specific date or time.
Virus
carries out malicious operations by masking its true intent. It might appear legitimate but is, in fact, very dangerous. Exploits your user privileges and is most often found in image files, audio files or games.
Trojan Horse
malware that replicates itself in order to spread from one computer to another. Worms can run by themselves. They exploit system vulnerabilities, they have a way to propagate themselves, and they all contain malicious code (payload) to cause damage to computer systems or networks.
Worms
the manipulation of people into performing actions or divulging confidential information. Relies on people’s willingness to be helpful, but also preys on their weaknesses.
Social Engineering
an attacker calls an individual and lies to them in an attempt to gain access to privileged data.
Pretexting
an attacker quickly follows an authorized person into a secure, physical location.
Tailgating
an attacker requests personal information from a person in exchange for something, like a free gift.
Something for something (quid pro quo)
infected by visiting an unsafe website or opening an infected email attachment or infected media file
bot computer
a group of bots, connected through the Internet, that can be controlled by a malicious individual or group.
Botnet
intercept or modify communications between two devices, such as a web browser and a web server, either to collect information from or to impersonate one of the devices. This type of attack is also referred to as a man-in-the-middle or man-in-the-mobile attack.
On-path attackers
a cybercriminal takes control of a device without the user’s knowledge.
Man-in-the-middle (MitM)
type of attack used to take control over a user’s mobile device
Man-in-the-mobile (MitMo)
SEO
search engine optimization
improving an organization’s website so that it gains greater visibility in search engine results.
Search Engine Optimization (SEO)
This technique attempts to gain access to a system by ‘spraying’ a few commonly used passwords across a large number of accounts.
Password spraying
A hacker systematically tries every word in a dictionary or a list of commonly used words as a password in an attempt to break into a password-protected account.
Dictionary attacks
an attacker uses all possible combinations of letters, numbers and symbols in the password space until they get it right.
Brute-force attacks