Common Attacks and their Effectiveness Flashcards
Common attacks in the modern age
This is the act of using digital communications to trick people into revealing sensitive data or deploying malicious software.
Phishing
This is a type of phishing attack where a threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.
Business Email Compromise (BEC)
This is a type of phishing attack that targets a specific user or group of users. The email seems to originate from a trusted source.
Spear Phishing
A type of phishing attack where threat actors target company executives to gain access to sensitive data.
Whaling (A form of Spear Phishing)
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
Vishing
The use of TEXT MESSAGES to trick users, in order to obtain sensitive information or to impersonate a known source.
Smishing (SMSishing)
A software designed to harm devices or networks.
Malware
Malicious code written to interfere with computer operations and cause damage to data and software. Must be transmitted by a threat actor via malicious attachment or file download. When the attachment or download is opened, the malicious code hides itself in other files in the now infected system. When the infected files are opened, it allows the ________ to insert its own code to damage and/or destroy data in the system.
Virus
Malware that can duplicate and spread itself across systems on its own. In contrast to a virus, a ____ does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already infected computer to other devices on the same network.
Worms
A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access.
Ransomware
Malware that’s used to gather and sell information without consent. ____ can be used to access devices. This allows threat actors to collect personal data, such as private emails, texts, voice and image recordings and locations.
Spyware
A manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question. It’s the mission of a threat actor, acting as a social engineer, to create an environment of false trust and lies to exploit as many people as possible.
Social Engineering
A threat actor collects detailed information about their target from social media sites, then they initiate an attack.
Social Media Phishing (Passive Recon)
A threat actor attacks a website frequently visited by a specific group of users.
Watering Hole Attack
A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network.
USB Baiting
