CS2610 Module 2 Types of Cyber Attacks and Malicious Code Flashcards
Advanced Persistent Threat/APT
Cyber Attack. A network attack in which an unauthorized person gains access to a network and remains undetected.
Backdoor
Cyber Attack. Method of bypassing normal authentication and gaining access to an OS or application.
Buffer Overflow
Cyber Attack. An exploit that takes advantage of a program that is waiting for a user’s input.
Man-in-the-middle Attack
Cyber Attack. Intercepts and relays messages between two parties who are communicating directly with each other.
Cross-Site Scripting (XSS)
Cyber Attack. A code injection attack that allows an attacker to execute malicious JS in another user’s browser.
Denial of Service Attack
Cyber Attack. An attempt to prevent authorized users from accessing the service.
SQL injection
Cyber Attack. Commonly exploited web app vulnerability that allows an attacker to steal from and alter a website’s database.
Zero-day exploit
Cyber Attack. A vulnerability in a system or device that has been disclosed but is not yet patched.
Virus
Malicious Code. Software program which, upon execution, replicates itself by modifying other programs and inserting its own code. Requires human interaction.
Network Worm
Malicious Code. Standalone malware which replicates itself in order to spread to other computers.
Trojan Horse
Malicious Code. Program that claims to remove viruses, but actually introduces them to your system.
Botnet
Malicious Code. Used to perform DDoS attacks, steal data, send spam, and allow attacker access to the device and its connection.
Keylogger
Malicious Code. A type of surveillance tech used to monitor and record every keystroke typed on a computer’s keyboard. Can log passwords, bank info, etc.
Rootkit
Malicious Code. A collection of tools or programs that enable administrator-level access to a computer network.
Spyware
Malicious Code. Software hidden from the user in order to gather info about internet interaction, keystrokes, passwords, and valuable data.