Cybersecurity Malware and Malicious Code

¡Supera tus tareas y exámenes ahora con Quizwiz!

Social Engineering

A completely non-technical means for a criminal to gather information on a target. It is an attack that attempts to manipulate individuals into performing actions or divulging confidential information

Computer Ports

A connection point or interface between a computer and an external or internal device.

Botnet

A widespread network of zombie computers that can be commanded to perform a widespread attack on a computer or network (DDoS)

Bot

A zombie computer infected by malware that "calls home" to a command and control center for further instructions after it infects a computer.

Rogue Access Points

Access point is a wireless access point installed on a secure network without explicit authorization.

Zero-day

An attack that tries to exploit software vulnerabilities that are unknown, or undisclosed, by the software vendor.

SQL Injection

Application or web attack that exploits the failure to validate database queries.

Adware

Displays annoying pop-ups to generate revenue for its authors. The malware may analyze user interests by tracking the websites visited. It can then send pop-up advertising pertinent to those sites.

Tailgating

Following an authorized person to gain entry into a secure location or restricted area.

Spear phishing

Highly targeted phishing attack. uses emails to reach the victims, it sends customized emails to a specific person.

Spam

Junk mail, or unsolicited email, that is used to send advertisements, harmful links, malware, or deceptive content.

Ransomware

Malicious code that holds a computer system, or the data it contains, captive by encrypting the hard drive to force a payment.

Spyware/Adware

Malicious code that is transmitted by email or downloaded from the web, that can collect user information or install banner ads in programs, web browsers, or webpages.

Worm

Malicious code that spreads to other computers without attaching to individual files. Travels through a network

Virus

Malicious executable code that attaches to other programs and - when executed - replicates itself and attach onto other programs, files, and even the boot sector of the hard drive. Relies on users to open it to spread it

Logic Bomb

Malicious program that uses a trigger to awaken the malicious code.

Trojan Horse

Malware that can be downloaded with free software, but carries out malicious operations such as creating a bot.

DDoS amplification attack

Network attack that sends request to DNS server to send entire DNS database to another IP address, overwhelming the machine with gigabytes to terabytes of data

Impersonation

Pretending to be someone else to gain trust or access to unauthorized areas or data.

Keylogger

Program used to record or log the keystrokes of the user on a system.

Dumpster Diving

Retrieving documents from the trash or recycling containers.

Smishing

Sending fake text messages that trick the recipient into visiting a website or calling a phone number to provide sensitive information

80

Standard Port for http

443

Standard Port for https

Whaling

The use of email, IM, or other social media, to attempt to gather private information, such as login credentials, of senior executives or heads of schools.

Phishing

The use of email, IM, or other social media, to try and gather private information, such as login credentials, by masquerading as a reputable person.

Vishing

The use of voice communications such as Voice over IP to try and gather private information, such as login credentials, by masquerading as a reputable person.

Pharming

The use of website to try to gather private information, such as login credentials, by masquerading as a reputable website.

DDoS

Type of attack that denies access to authorized users making the network, network services, or data on the network, unavailable, typically through a zombie botnet of infected computers

Spoofing

Type of attack that impersonates a sender or server to take advantage of a trusted relationship between two systems. A user will think they are communicating with a trusted entity but are not

Man-in-the-middle

Type of attack that intercepts communications between computers to steal information while traveling across the network.

Cross-site scripting (XSS)

Vulnerability found in web applications. It allows criminals to inject scripts into the web pages viewed by users. This script can contain malicious code. It has three participants: the criminal, the victim, and the website. The cyber-criminal does not target a victim directly. The criminal exploits vulnerability within a website or web application. Criminals inject client-side scripts into web pages viewed by users, the victims

Shoulder Surfing

Watching a victim enter a PIN, access code, or credit card number.

Scareware

persuades the user to take a specific action based on fear, by popping up windows that resemble operating system dialog windows.

Spyware

software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive. Typically installed by a Trojan Horse


Conjuntos de estudio relacionados

PrepU Chapter 62: Managements of Patients With Burn Injury

View Set

The Appendicular Skeletal System

View Set