Chapter 6 - Comparing Threats, Vulnerabilities, and Common Attacks

¡Supera tus tareas y exámenes ahora con Quizwiz!

Request for Comments (RFC)

A document published by the IETF that details information about standardized Internet protocols and those in various development stages.

Spear Phishing

A phishing attack that targets a specific group of users or even a single user

Fileless virus

A virus that operates in main memory instead of from a file on a disk. Often are scripts injected into legitimate processes

Zero-Day exploit

A vulnerability that is exploited before the software creator/vendor is even aware of its existence and therefore no patch is available. Can evade up-to-date antivirus software

Insider Threat

Anyone who has legitimate access to an organization's internal resources. Issues include loss of confidentiality and availability.

Rootkit

Malicious code that is designed to hide the existence of processes or programs from normal detection methods and to gain continuous privileged access to a computer system.

Vishing

Phishing attacks committed using telephone calls or VoIP systems.

Smishing

Phishing attacks committed using text messages (SMS).

Attack vector

The path or means by which an attacker gains access to computers or networks. Examples: Email Social Media

Whaling

a form of spear phishing that attempts to target high-level executives.

Advanced Persistent Threat (APT)

a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations such as governments

Watering hole attack

an attack which attempts to discover which websites a group of people are likely to visit and then infects those websites with malware that can infect the visitors.

Hacktivist

an attacker who launches attacks as part of an activist movement or to further a cause

Trusted Automated eXchange of Indicator Information (TAXII)

an open standard that defines a set of services and message exchanges used to share information

Structured Threat Information eXpression (STIX)

an open standard that identifies what cyber threat information organizations should share. Provides a common language for addressing a wide range of cyber threat information. Data is shared via TAXII

Shadow IT

any unauthorized systems or applications within an organization installed by users

Typo Squatting

attack where someone buys a domain name that is close to a legitimate domain name and uses it for malicious purposes (malware, ads, profit)

Social Engineering

attack which uses social tactics to trick users into giving up information or providing actions they normally wouldn't take. Can occur in person, over the phone, via the Internet, or email

Script Kiddie

attacker with very little expertise, sophistication, and funding who uses already existing computer scripts or code to launch attacks

Indicators of Compromise (IoC)

evidence that a cyberattack is happening or has happened. Examples: Increased network traffic Strange destinations Alerts Pop-ups

File Integrity Monitoring (FIM)

feature of antivirus software that calculates hashes on system files to create a baseline, then recalculates hashes and compares them with the baseline. If the hashes are different, it indicates system files have been modified and an alert is sent.

Trojan

malicious code that appears to be something useful but includes a malicious component (backdoor, adware, keylogger, etc.). Often delivered via drive-by downloads

Virus

malicious code that attaches itself to an application and runs when the application is started

Worm

malicious code that can self replicate and does not require user interaction to run

Keyloggers

malicious code that captures a user's keystrokes and stores them in a file.

Cryptomalware

malicious code that encrypts the user's data and then demands payment with the promise of decrypting the data

Logic Bomb

malicious code that executes in response to an event, such as when a specific application is executed or a specific time arrives

Spyware

malicious code that monitors the user's computer and activity

Ransomware

malicious code that takes control of a user's system or data and demands a payment before releasing ownership back to the user

Cuckoo Sandbox

open-source automated software analysis system used to analyze suspicious files/malware

potentially unwanted program (PUP)

programs that a user may not want even if they consented to download it. Often bundled into legitimate downloads

Tailgating

social engineering tactic that occurs when one user follows closely behind another user and gains access to a building without providing credentials. Prevented with mantraps.

Backdoor

software code that provides another way to access a system. Attackers use these to access systems from remote locations

Malware

software that is intended to damage or disable computers and computer systems.

Phishing

the practice of sending email to users with the purpose of tricking them into revealing personal information, installing malware, or clicking on a link.

Reconnaissance

the process of gathering as much information as possible on a specific target


Conjuntos de estudio relacionados

Chapter 7 Research (Gathering Resources)

View Set

Chapter 8: Thinking, Language, and Intelligence

View Set

business stats chapter 13 smartbook

View Set

Biochemistry I -- amino acids and proteins

View Set

Interview Q&A- Cloud Solutions Architect, Cloud Engineer, DevOps

View Set