Introduction to Cyber Security - Unit 2.1 and Unit 2.2

denial-of-service (DoS) attack

Preventing a target from fulfilling its intended function, typically by keeping the target busy or causing it to crash.

Search Engine Optimization

(SEO) Involves designing websites with the intention of helping search engines best. It is a set of techniques used to improve a website's ranking by a search engine.

Virus

A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data. Viruses can also be programmed to mutate to avoid detection

Bot

A program that can do things without the user of the computer having to give it instructions. Many bots are malware as they are installed without people's permission and can be controlled over the internet and used to send spam or steal data. Also known as web robots.

Buffer Overflow

A technique for crashing by sending too much data to the buffer in a computer's memory

Phishing

An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information

Advanced Persistent Threats (APTs)

Any sophisticated series of related attacks taking place over an extended period of time. An APT targets organizations or nations for business or political reasons.

Botnets

Bad bots perform malicious tasks allowing an attacker to take complete control over an affected computer for the criminal to control remotely.

DDoS

Denial of service attack committed using dozens of computers, usually zombies on a botnet.

Brute-force attacks

Exhausts all possible password combinations to break into an account

Worms

Independent computer programs that copy themselves from one computer to other computers over a network. Worms are malicious code that replicate themselves by independently exploiting vulnerabilities in networks. Worms usually slow down networks.

Network Sniffing

Intercepting packages on a wireless or wired network and viewing the contents of these packages to decipher passwords or other sensitive information

Man-in-the-middle (MITM) attack

MitM allows the attacker to take control over a device without the user's knowledge. MitM attacks are widely used to steal financial information.

SEO

Search Engine Optimization

Tailgating

The act of unauthorized individuals entering a restricted-access building by following an authorized user.

social engineering attack

The attacker manipulates a person who knows the password into providing it.

Scareware

This is a type of malware designed to persuade the user to take a specific action based on fear. Scareware forges pop-up windows that resemble operating system dialogue windows.

Something for Something (Quid pro quo)

This is when an attacker requests personal information from a party in exchange for something, like a free gift.

Ransomware

This malware is designed to hold a computer system or the data it contains captive until a payment is made

Spyware

This malware is designed to track and spy on the user.

Zombie networks

Virus-infected computer hosts. The zombies are controlled by handler systems.

overwhelming quantity of traffic

a DoS attack in which an enormous number of packets are sent to a network at a rate that the network systems cannot handle. This results in a slowdown of network transmission or response, or the crash of a device or service.

spear phishing

a phishing expedition in which the emails are carefully designed to target a particular person or organization

non-validated input

a vulnerability in which data supplied to a program by a user or exploit causes the application to behave in an unintended way

man-in-the-mobile (MitMO)

an attack that is a variation of (MitM). A mobile device is infected with malware that takes control of the device and causes it to forward sensitive information to attackers.

software vulnerabilities

an error in the specification, development or configuration of software such that its execution can violate the security policy

Trojan Horse Virus

hides inside other software, usually as an attachment or a downloadable file. A Trojan horse differs from a virus because it binds itself to non-executable files.

Access-control problems

improper use of practices that manage physical control of equipment, data, or applications

Pretexting

occurs when someone improperly accesses your personal information by posing as someone who needs data for one reason or another

Rootkit

program that hides in a computer and allows someone from a remote location to take full control of the computer

hardware vulnerabilities

security weaknesses caused by design flaws in computer devices and components. They are usually limited to specific device models and are commonly exploited through targeted attacks.

Adware

software that automatically displays or downloads advertising material (often unwanted) when a user is online.

blended attack

the use of multiple computer attack techniques to compromise a target

maliciously formatted packets

the use of network data structures that have been created to disrupt the operation of network devices

impact reduction

the use of techniques to limit the damage caused by a successful attack. These techniques include ways of communicating about the attack to employees and clients, investigation of the attack, and measures to prevent future attacks.

Vulnerability Exploitation

the use of various methods, including software tools or social engineering, to gain information about a system. This attacker uses this information to find weaknesses that exist in that specific system.

Race conditions

when the required ordered or timed events do not occur in the correct order or proper timing