Chapter 6 - Comparing Threats, Vulnerabilities, and Common Attacks
Request for Comments (RFC)
A document published by the IETF that details information about standardized Internet protocols and those in various development stages.
Spear Phishing
A phishing attack that targets a specific group of users or even a single user.
Fileless virus
A virus that operates in main memory rather than from a file on disk. It is often a script injected into a legitimate process.
Zero-Day exploit
A vulnerability that is exploited before the software creator/vendor is even aware of its existence, so no patch is available. It can evade up-to-date antivirus software.
Insider Threat
Anyone who has legitimate access to an organization's internal resources. Issues include loss of confidentiality and availability.
Rootkit
Malicious code that is designed to hide the existence of processes or programs from normal detection methods and to gain continuous privileged access to a computer system.
Vishing
Phishing attacks committed using telephone calls or VoIP systems.
Smishing
Phishing attacks committed using text messages (SMS).
Attack vector
The path or means by which an attacker gains access to computers or networks. Examples: email, social media.
Whaling
A form of spear phishing that attempts to target high-level executives.
Advanced Persistent Threat (APT)
A sophisticated, possibly long-running computer attack perpetrated by large, well-funded organizations such as governments.
Watering hole attack
An attack that identifies which websites a group of people are likely to visit and then infects those websites with malware that in turn infects the visitors.
Hacktivist
An attacker who launches attacks as part of an activist movement or to further a cause.
Trusted Automated eXchange of Indicator Information (TAXII)
An open standard that defines a set of services and message exchanges used to share threat information.
Structured Threat Information eXpression (STIX)
An open standard that identifies what cyber threat information organizations should share. It provides a common language for describing a wide range of cyber threat information. Data is shared via TAXII.
Shadow IT
Any unauthorized systems or applications installed by users within an organization.
Typo Squatting
An attack in which someone registers a domain name that is close to a legitimate domain name and uses it for malicious purposes (malware, ads, profit).
Social Engineering
An attack that uses social tactics to trick users into giving up information or taking actions they normally wouldn't take. It can occur in person, over the phone, via the Internet, or by email.
Script Kiddie
An attacker with very little expertise, sophistication, or funding who uses existing scripts or code to launch attacks.
Indicators of Compromise (IoC)
Evidence that a cyberattack is happening or has happened. Examples: increased network traffic, strange destinations, alerts, pop-ups.
File Integrity Monitoring (FIM)
A feature of antivirus software that calculates hashes of system files to create a baseline, then recalculates the hashes and compares them with the baseline. If the hashes differ, system files have been modified and an alert is sent.
Trojan
Malicious code that appears to be something useful but includes a malicious component (backdoor, adware, keylogger, etc.). Often delivered via drive-by downloads.
Virus
Malicious code that attaches itself to an application and runs when the application is started.
Worm
Malicious code that can self-replicate and does not require user interaction to run.
Keyloggers
Malicious code that captures a user's keystrokes and stores them in a file.
Cryptomalware
Malicious code that encrypts the user's data and then demands payment with the promise of decrypting the data.
Logic Bomb
Malicious code that executes in response to an event, such as when a specific application is executed or a specific time arrives.
Spyware
Malicious code that monitors the user's computer and activity.
Ransomware
Malicious code that takes control of a user's system or data and demands a payment before releasing ownership back to the user.
Cuckoo Sandbox
An open-source automated analysis system used to analyze suspicious files and malware.
potentially unwanted program (PUP)
A program that a user may not want even though they consented to download it. Often bundled with legitimate downloads.
Tailgating
A social engineering tactic in which one person follows closely behind another and gains access to a building without providing credentials. Prevented with mantraps.
Backdoor
Software code that provides an alternative way to access a system. Attackers use backdoors to access systems from remote locations.
Malware
Software that is intended to damage or disable computers and computer systems.
Phishing
The practice of sending email to users to trick them into revealing personal information, installing malware, or clicking on a link.
Reconnaissance
The process of gathering as much information as possible on a specific target.