Identify: Methods of attack

 Worm

Definition

Malware that self-replicates, spreading across the network and infecting computers

Example of: Malware


Ransomware

Definition

A malicious attack during which threat actors encrypt an organization's data and demand payment to restore access

Example of: Malware


Spyware

Definition

Malicious software installed on a user’s computer without their permission, which is used to spy on and steal user data

Example of: Malware


Phishing

Definition

The use of digital communications to trick people into revealing sensitive data or deploying malicious software


Spear phishing

Definition

A malicious email attack targeting a specific user or group of users that appears to originate from a trusted source

Example of: Phishing


Whaling

Definition

A form of spear phishing during which threat actors target executives in order to gain access to sensitive data

Example of: Phishing


Business email compromise (BEC)

Definition

An attack in which a threat actor impersonates a known source to obtain a financial advantage

Example of: Phishing


Vishing

Definition

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Example of: Phishing


Social engineering

Definition

A manipulation technique that exploits human error to gain unauthorized access to sensitive, private, and/or valuable data


Social media phishing

Definition

An attack in which a threat actor collects detailed information about their target on social media sites before initiating an attack

Example of: Social engineering


Watering hole attack

Definition

An attack in which a threat actor compromises a website frequently visited by a specific group of users

Example of: Social engineering


Physical social engineering

Definition

An attack in which a threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Example of: Social engineering


USB baiting

Definition

An attack in which a threat actor strategically leaves a malware USB stick for an employee to find and unknowingly infect a network

Example of: Social engineering


Malware

Definition

A software designed to harm devices or networks


Virus

Definition

A malware program that modifies other computer programs by inserting its own code to damage and/or destroy data

Example of: Malware






Comments

Post a Comment

Popular posts from this blog

Common cybersecurity terminology

  As you’ve learned, cybersecurity (also known as security) is the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation. In this reading, you’ll be introduced to some key terms used in the cybersecurity profession. Then, you’ll be provided with a resource that’s useful for staying informed about changes to cybersecurity terminology. Key cybersecurity terms and concepts There are many terms and concepts that are important for security professionals to know. Being familiar with them can help you better identify the threats that can harm organizations and people alike. A security analyst or cybersecurity analyst focuses on monitoring networks for breaches. They also help develop strategies to secure an organization and research information technology (IT) security trends to remain alert and informed about potential threats. Additionally, an analyst work...
Read more

Introduction to security frameworks and controls

  Imagine you're working as a security analyst and receive  multiple alerts about suspicious activity on the network.  You realize that you'll need to implement  additional security measures to keep  these alerts from becoming  serious incidents. But where do you start? Play video starting at ::17 and follow transcript 0:17 As an analyst, you'll start by identifying  your organization's critical assets and risks.  Then you'll implement  the necessary frameworks and controls. Play video starting at ::27 and follow transcript 0:27 In this video, we'll discuss how security professionals  use frameworks to continuously identify and manage risk.  We'll also cover how to use  security controls to manage or reduce specific risks. Play video starting at ::40 and follow transcript 0:40 Security frameworks are guidelines  used for building plans  to help mitigate risks and threats to data and privacy.  Security frameworks ...
Read more

syllabus

Cybersecurity program: Year 1: Foundation Courses Semester 1: Introduction to Cybersecurity Fundamentals of Information Technology Programming Basics (Python, C++) Discrete Mathematics Digital Logic Design Lab Work (Programming, IT Fundamentals) Semester 2: Data Structures and Algorithms Computer Networks Operating Systems Cyber Law and Ethics Probability and Statistics Lab Work (Data Structures, Networks) Year 2: Core Cybersecurity Courses Semester 3: Network Security Cryptography Database Management Systems Web Technologies Software Engineering Lab Work (Network Security, Cryptography) Semester 4: Ethical Hacking Secure Coding Practices Wireless and Mobile Security Cyber Forensics Human-Computer Interaction Lab Work (Ethical Hacking, Forensics) Year 3: Advanced Cybersecurity Topics Semester 5: Advanced Cryptography Intrusion Detection and Prevention Systems Cloud Security Risk Management and Compliance Elective I (e.g., Blockchain Security, IoT Security) Lab Work (Intrusion Detection...
Read more